HACKER LEAKS PASSWORDS FOR MORE THAN 500,000 DEVICES
A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices.
According to the Zdnet report, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factoryset default usernames and passwords, or (2) custom, but easy-toguess password combinations.
As per the ZDNet report, the list was published online by the maintainer of a DDoS-for-hire (DDoS booter) service.
These types of lists — called “bot lists” — are a common component of an IoT botnet operation. Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware.
These lists are usually kept private, although some have leaked online in the past, such as a list of 33,000 home router Telnet credentials that leaked in August 2017. This marks the biggest leak of Telnet passwords known to date.
All the lists the hacker leaked are dated OctoberNovember 2019. Some of these devices might now run on a different IP address, or use different login credentials.
An IoT security expert said that even if some entries on the list are not valid anymore because devices might have changed their IP address or passwords, the lists remain incredibly useful for a skilled attacker.
Misconfigured devices are not evenly spread out across the internet, but they're usually clustered on the network of one single ISP due to the ISP's staff misconfiguring the devices when deploying them to their respective customerbases.
An attacker could use the IP addresses included in the lists, determine the service provider, and then re-scan the ISP's network to update the list with the latest IP addresses.