Hacker takes over 29 IoT botnets


For the past few weeks, a threat actor who goes online by the name of “Subby” has taken over the IoT DDoS botnets of 29 other hackers, ZDNet has learned.

The hacker exploited the fact that some botnet operators had used weak or default credentials to secure the backend panels of their command and control (C&C) servers.

In an interview today, Subby said he used a dictionary of usernames and a list of common passwords to brute-force his way into the C&C infrastructure of these 29 botnets –some of which were using very weak user:password combos, such as “root:root”, “admin:admin”, and “oof:oof”.

List of passwords

List of passwords

Image: Ankit Anubhav (supplied)

Botnets built by “skidz”

“It’s obvious as to why this is happening,” Subby said in an interview conducted by Ankit Anubhav, a security researcher at NewSky Security and shared with ZDNet.

“A large percentage of botnet operators are simply following tutorials which have spread around in the community or are accessible on YouTube to set up their botnet,” he said. “When following these tutorials, they do not change the default credentials. If they do change the credentials the password they supply is generally weak and therefore vulnerable to brute forcing.”

What Subby is saying isn’t anything new, at least for the security researchers who’ve been tracking IoT botnets.

Last month, Anubhav also interviewed the author of the Kepler IoT botnet, who admitted to having built the botnet following a tutorial and using random exploits he downloaded from the ExploitDB website.

Most IoT botnets today are built in a similar manner, by hackers, most of who are teenagers without any technical skills. They often forget to change default credentials (as it happened before, in June 2018) or change the IP address of their C&C server (as it happened last week, sending bot traffic into an abyss).

All 29 botnets accounted for a meager 25,000 bots

According to Subby, none of 29 hijacked botnets were particularly large in size. The hacker said that an initial bot count revealed a total of nearly 40,000, but after removing duplicates, the actual count was a meager 25,000 –which is considered low for one IoT botnet alone, let alone 29.

“I was able to get a reliable network traffic graph produced of the traffic generated from all the botnets combined and it was just under 300gbit/s,” Subby said, which is, also, a pretty low traffic output.

Anubhav’s full interview with Subby, which touches on other topics, is available here.

Related malware and cybercrime coverage:


Find Out More

Marketing Tips You Need

Keep In Touch

Quick Subscribe

Client Reviews Tell The Tale.

If you are looking for professional video production for your business, Dan and his team at Appture are the best.John CullensDecember 29, 2022
We used Appture to build a lodging website, and they were awesome! Dan went above and beyond to show us the functions and make all of our changes. Appture is our go to for web design from now on!Abigail HaleOctober 26, 2022
Dan did a fantastic job making me feel comfortable while shooting. He also made me look great! I don't photograph well, so I am very pleased with the results and speed at which I got the final product.Lily GostinSeptember 13, 2022
Appture knows their business and will go the extra mile for their customers. They do high quality work and provide great ongoing support.Chris McCorkindaleMay 24, 2022
Anita CauthornMay 24, 2022
It’s so rare in these times to find one man with so much wow factor and more rare to find men with similar interest and passion in their life journey as myself . Dan Elliott has been introduced to many in what is now considered as the Terror Dome , a place where many dreams are not deferred they are detoured to routes that lead to dead ends , he comes in full of optimism so infectious that he, maybe with out knowing is energizing those who have ventured where others would fear going with just the right jolt to forge on in the way of helping fallen humanity … His various fields of expertise has helped many in my region and I can only imagine the number he has effected beyond those I know … from day one I knew “ this was a man of kindred spirit “ Dan Elliott is a Gem and adds glimmer to things he touches … I’m a Witness ….and eternally grateful….L.Rashaan RichMay 21, 2022
Dan and his group are highly capable and knowledgeable. They work fast and get the job done. I highly recommend Appture.Justin FrankMarch 26, 2022
They are highly specialized in their work and constantly seek innovation.Ismail YenigulMarch 14, 2022
Dan is a marketing wizard. Honest, Experienced and a read deal. I am blessed to have him in my journey online :) Highly recommended.Sabbir HasanMarch 7, 2022
Incredible talent so much experience and always innovativeAppture SoftwareAugust 10, 2021
So much to say. Creative, Intelligent, Talented, Limitless, Affordable. It's amazing what these guys can do.Hack mackMay 17, 2019
We found Appture from their website, and immediately started work on a website, custom SMS marketing and social media. We got leads the FIRST DAY! And it keeps getting better and better.HawkDFW SecurityMay 17, 2019
We'd used some other agencies before, but man, they simply knocked us all over. After being in business for 30 years, I wonder how much more business we'd be doing if we'd hired them earlier.Rebecca HoneaMay 17, 2019