// Hacking NEWS // A Hacker Compromises Over 29 IoT Botnets
For the past weeks, an Internet user known as "Subby" has taken control of IoT DDoS botnets of 29 other hackers, ZDNet has learned.
The hacker exploited the fact that some botnet operators had used weak or default credentials to secure the backend panels of their command and control (C&C) servers.
In an interview, Subby stated he used a dictionary of usernames and a list of common passwords to brute-force his way through the command and control infrastructure of these 29 botnets. Some were using very weak credentials: username/password combinations, such as "root: root", "admin: admin" and "oof: oof".
Botnets built by "Skidz"
"It's obvious as to why this is happening", Subby said in the same interview which was conducted by Ankit Anubhav, a security researcher at Newsky Security and shared with ZDNet.
"A large percentage of botnet operators are simply following tutorials which have spread around in the community or are accessible on YouTube to set up their botnet" he said. "When following these tutorials, they do not change the default credentials. If they do change the credentials the password they supply is generally weak and therefore vulnerable to brute forcing".
What Subby is saying is nothing new, at least for the security researchers who've been tracking IoT botnets.
Last month, Anubhav also interviewed the author of the Kepler IoT botnet, who admitted to having built it following a tutorial and using random exploits he downloaded from the ExploitDB website.
Today, most IoT botnets are built in a similar way by computer hackers, most of who are teenagers with no technical skills. They often forget to change default credentials (as it happened in June 2018) or change the IP address of their command and control server (as it happened last week, sending bot traffic into an abyss).
The 29 botnets accounted for a meager 25,000 bots
According to Subby, none of the 29 pirated botnets were particularly large in size. The hacker said that an initial bot count revealed a total of nearly 40,000, but after eliminating duplicates, the actual count was a meager 25,000, which is considered low for a single IoT botnet.
"I was able to get a reliable network traffic graph produced of the traffic generated from all the botnets combined and it was just under 300gbit/s" Subby said, which, also, represents a pretty low traffic output.
Source : Ankit Anubhav's interview
I've made a lot of articles with tools, explanations and advises to show you how to protect your privacy and to secure your computer, GO check them out!
This is my guide To Secure your PC after a fresh installation of Windows
If you think that your Phone or your PC has been hacked, you have to check it right now!
That's how you can be more Anonymous on the internet!
The Future of Cyber-Security, what to expect?
The best Crypto debit card – Wirex!
These are the best VPN to protect your numeric life: NordVPN, ExpressVPN and CyberGhost!
Your PC is slow? That's why!
Why is it important to Be Discreet on the Internet
Feel hot? Your Computer also!
How an Adware works?
That's how you should guard against Trojan!
What are the different Types of hackers?
Gracias por darnos la información interesante