The hacker’s name is Janit0r. You’ve probably never heard of him, but perhaps you’ve heard of his work. Janit0r is reportedly the one behind a particularly gnarly but undeniably fascinating form of malware called BrickerBot. BrickerBot, as the name implies, will brick internet of things (IoT) devices that fail a simple security test. This is surely illegal, but I love it.
Image: Flickr / The Preiser Project
News recently emerged that a third and fourth version of BrickerBot was spotted in the wild. These permanent-denial-of-service (PDoS) botnets are nasty, too. They scan the internet for IoT devices using default passwords and, eventually, wipe the device, corrupt its storage, and disconnect it from the internet. In other words, BrickerBot bricks unsecured gadgets like cameras, lightbulbs, TVs, and thousands more. The attack is getting even more powerful, too. BrickerBot.1 attacked 1,895 devices in the first four days of its operation. BrickerBot.3 attacked nearly 1,400 in 24 hours. A fourth BrickerBot has been detected, too, although it’s unclear how aggressively it’s launching attacks.
All this sounds bad. Put simply, a hacker or team of hackers built a tool that’s effectively destroying random people’s gadgets for no apparent reason. According to the reported creator of the botnets, however, the reason is very clear: BrickerBot is shutting down devices before truly malicious software can take control of them.
These days, the most feared IoT malware is known as Mirai. The Mirai botnet is what crippled America’s internet last October, when it infected millions of IoT devices and brought Dyn, one of the world’s largest domain name server companies, to its knees. This was obviously a bad development in the world of information security and, frankly, in the internet-connected world more generally. According to the reported creator of BrickerBot, it’s also why a rogue hacker called the Janit0r decided to start destroying everybody’s crappy web-connected cameras, thermostats, light bulbs, and any other category of IoT devices.
Let’s get one thing straight: destroying unsuspecting people’s gadgets is rude. However, it’s even ruder for companies to profit from selling people vulnerable technology that could be coopted and used in a global cyberattack. It’s downright irresponsible! But gadget companies just can’t stop doing it. In the latter half of last year, when the Mirai botnets basically broke the internet, some hackers realised that companies were not only unwilling to build better security into their devices; they were jeopardizing the security of the entire internet.
The Janit0r isn’t the only vigilante trying to improve IoT security, either. A few years ago, researchers discovered Wifatch, a batch of code that would infect IoT devices not to engage in malicious activities but rather to prevent other attackers from being able to break in. And then last year, a different batch of dubbed Hajime hit the radar. Hajime, like Wifatch before it, appeared to block ports that were known to be exploited by evil malware.
BleepingComputer, a delightful website devoted to helping people understand how computers work, was the first to spot and report on BrickerBot back in early April. Recently, after some top-notch sleuthing, the site managed to identify the Janit0r as the likely creator of BrickerBot and even managed to get him to explain why he crafted the attacks on unsecured IoT devices. His argument is compelling to say the least:
The IoT security mess is a result of companies with insufficient security knowledge developing powerful Internet-connected devices for users with no security knowledge. Most of the consumer-oriented IoT devices that I’ve found on the net appear to have been deployed almost exactly as they left the factory.
The Janit0r continued:
For example 9 out of every 10 Avtech IP cameras that I’ve pulled the user db from were set up with the default login admin/admin! Let that statistic sink in for a second.. and then consider that if somebody launched a car or power tool with a safety feature that failed 9 times out of 10 it would be pulled off the market immediately. I don’t see why dangerously designed IoT devices should be treated any differently and after the Internet-breaking attacks of 2016 nobody can seriously argue that the security of these devices isn’t important.
Nine out of ten devices is really, really bad. So why did the Janit0r result to destruction? The hacker claims that the attacks actually attempt to secure devices before bricking them, though Janit0r doesn’t specify how. We do know that the hacker is disabling dangerous devices and compels the consumer to shake their fist at the manufacturer. The Janit0r told BleepingComputer:
I consider my project a form of “Internet Chemotherapy” I sometimes jokingly think of myself as The Doctor. Chemotherapy is a harsh treatment that nobody in their right mind would administer to a healthy patient, but the Internet was becoming seriously ill in Q3 and Q4/2016 and the moderate remedies were ineffective. The side effects of the treatment were harmful but the alternative (DDoS botnet sizes numbering in the millions) would have been worse. I can only hope hope that when the IoT relapse comes we’ll have better ways to deal with it. Besides getting the number of IoT DDoS bots to a manageable level my other key goal has been to raise awareness. The IoT problem is much worse than most people think, and I have some alarming stories to tell.
That’s an oddly compelling mission statement. Again! Destroying other people’s property is not a good thing. However, if this tool can force the manufacturers of IoT devices to take security seriously, the outcome could benefit everyone.
So here’s to you, Janit0r. You’re breaking the law, but you’re doing it for a valiant reason. If you get arrested, you’ll still be my hero in jail.