Date: 2017-09-12

A 13-year-old hacker caught trying to build a botnet to hack CCTV cameras demonstrates that attacking IoT devices is literally child's play, thanks to widespread sharing of IoT malware.

Hackers openly sharing malware with others has led to one hacker being identified by the Skype ID he used.

According to a blog post by Ankit Anubhav, principal researcher at NewSky Security, the IoT threat landscape differs from conventional malware in terms of code sharing.

“While many Windows malware authors are reluctant to share their source code (for free), IoT botnet source modules are available publicly on darknet hacking forums which makes the code reuse much easier. Most of IoT malware threats have been aided heavily by code sharing and reuse,” he said.

Anubhav said that he had observed one such dump site, Daddyhackingteam, which hosts a lot of malware source code and tutorials. The site has now shifted completely to the dark side, as it is also a command and control server for an IoT botnet variant of Gr1n.

The website contains an archive of several IoT botnet source codes available publicly. The website also features contact details of the site owner, which helped NewSky Security track the owner's activity. According to Anubhav, by tracking the listed Skype ID, he observed that this person made three posts on a hackers' forum asking how to set up a QBot of his own and trying to get information on hacking CCTVs to make his own botnet.

Later, it was deduced that the hacker got the code he was looking for, as researchers observed in-the-wild samples in which the same daddyhackingteam website, known for containing archives, is used as a callback to download a shell script. This shell script then downloads and runs botnet binaries from the same website.

But the Skype ID was also used in the hunt for a job. “We found it either bold or immature of a malware author to use the same contact information for job hunting as well as for malicious activities. However, in his job search attempt, he mentions that he is 13 years old, which pretty much explains the dual use,” said Anubhav.

Anubhav went undercover to chat with the malware author, who admitted to having a botnet of just 300 devices but to having failed to hack any CCTV cameras. The hacker confirmed they were 13 years old.

“When we told him that doing such illegal activities can land him in trouble, he was confident that he was immune because he was young. While various laws do have less harsh sentences for juveniles, in this case, we see this person taking advantage of that,” said Anubhav.

Anubhav added that with much IoT botnet source code dumped publicly along with tutorials, “it's literally child's play to set up a botnet by attacking IoT devices”.

