Internet privacy and security course

Chapter 16

Mass hacking of devices

In this chapter, you will learn about the dangers of mass hacking. You probably know that every day your computers, Wi-Fi routers, smartphones and smart home devices are scanned by hackers worldwide for any weakness or gap in their protection.

If they identify a poorly protected or vulnerable device, they will exploit it to send spam or mine cryptocurrency. In the worst-case scenario, they will lock your data and demand a ransom for releasing it, or use your computer for illicit activity that puts you on the radar of law enforcement.

This chapter will focus on mass hacking of devices, a danger every one of us is exposed to. I've broken it up into several parts: what devices get hacked, why they get hacked, how they get hacked and how you can protect yourself.

Types of devices that get hacked

Virtually any device, smart home devices included, can be hacked, on one condition: it can be connected to the Internet. Hackers take a keen interest in computers, servers, mobile devices and routers because it is easier to make money off them.

In the first place, a perpetrator will resort to automated extortion through compromised devices, for instance by breaking into your computer and locking down its files. There is a very high likelihood that your computer holds information you would be more than willing to pay a ransom for. All the stages, from network scanning to data locking, are carried out automatically; the perpetrator just has to keep the system running and keep collecting the victims' money.

It's a bit harder to make money off hacking a smart washing machine. On the other hand, you must have heard about "botnets": networks of compromised, interconnected devices made up of smart things such as washing machines, fridges, TV sets, electric kettles, coffee machines and other consumer appliances, even smart toys and video cameras. Such botnets are capable of sending junk mail, performing DDoS attacks (on a quite impressive scale) and mining bitcoins, though for these purposes they are much inferior to hacked personal computers.

Mirai is the most infamous IoT botnet to date. It led a massive attack on the blog of Brian Krebs, an independent journalist who specializes in cyber-crime, and silenced the blog by launching DDoS attacks against it. But Krebs is not Mirai's most high-profile victim. Mirai showed what it is truly capable of in one of the biggest cyber assaults of all time on October 21st, 2016, when it disrupted Dyn, a major U.S. DNS provider, brought down the sites of such tech giants as Twitter and Amazon, and caused intermittent outages across the East Coast states. The day has come when kettles and coffee machines can rise up to attack an entire government, though for the time being only on the Internet.

Later Mirai was extended to mine bitcoins using smart devices. Though smart devices are very inefficient miners, the scheme is still cost-effective for the attacker. And though Mirai is the most infamous IoT botnet, it is not the only one out there: others, such as Hajime, have become prominent by operating in a similar manner.

Why devices are hacked

The most profitable way to make money is to hold the contents of a user's device for ransom. A perpetrator hacks a victim's computer and encrypts its hard drives; the decryption key is sent to the perpetrator's server, while the victim receives instructions on how to pay the ransom and then unlock the data. Here is an example of a ransom message:

As a rule, to obtain the decryption key, a victim is required to pay from $300 to $1,000.

We will say more about this in the chapter devoted to malware, but even if your data has been encrypted, don't rush to hand your money to the scammers. A range of ransomware families can be beaten with decryption software without paying anything: GandCrab, XData, Bitcryptor and a number of other malware programs can be defeated this way.

Some programs only imitate encryption, hiding files and demanding a ransom. These are also called fake ransomware; Fake Cerber, for instance, belongs to this breed. In the majority of cases the problem is solved by rebooting your device; in rare cases you will have to spend some time adjusting the settings to reveal the hidden files.

Sometimes the developers of ransomware outright cheat their victims: their software can only encrypt data and is unable to decrypt it. Wiper malware designed to look like typical ransomware operates in this manner. For instance, Petya was a notorious piece of wiper malware that seized data on users' computers and demanded ransoms. However, the victims never got their files back, because the virus never checked who the payments came from and never actually offered any way of decrypting them. Petya is not ransomware; it is a cyber-weapon of mass destruction aimed at destroying users' computers and leaving them inoperable. Sometimes ransomware becomes wiper malware by mistake. This happened with the ransomware AVCrypt, which removed users' files beyond recovery because of a malfunction overlooked by its developers.

Some ransomware doesn't even have to encrypt files or fake their encryption: it simply threatens to leak the victim's private details or pass them on, for instance, to intelligence agencies. LeakerLocker is an Android malware of this type: it threatened to send the user's pictures, SMS messages, call history and Internet browsing history to every person in his or her smartphone or email contact list. The malware demanded that use