Hacker Publishes Telnet Credentials for More Than 515,000 Servers, Routers, IoT Devices
A hacker has published a list of Telnet credentials for more than 515,000 servers, home routers and IoT (Internet of Things) "smart" devices.
According to a ZDNet report, the list was published on a popular hacking forum and included each device's IP address, along with a username and password for the Telnet service. Telnet is a protocol that provides a command-line interface to a remote device or server; it is sometimes used for remote management, and also for the initial setup of devices such as network hardware. Unlike SSH, Telnet carries credentials and session data in cleartext, which is one reason exposing it to the internet is a poor idea even when the password is strong.
ZDNet notes that the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried factory-set default usernames and passwords, or custom but easy-to-guess combinations. These "bot lists" are a common component of an IoT botnet operation: hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware, says the report.
The list was published online by the maintainer of a DDoS-for-hire (DDoS booter) service. "When asked why he published such a massive list of 'bots,' the leaker said he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers," says the report.
All the lists the hacker leaked are dated October-November 2019, so some of these devices may now sit on a different IP address or use different login credentials. ZDNet did not use any of the username and password combinations to access any of the devices, as this would be illegal, which is why it cannot say how many of the credentials are still valid. However, using IoT search engines, ZDNet identified devices all over the world located on the networks of known service providers, indicating they were either home routers or IoT devices. Other devices were located on the networks of major cloud service providers, says the report.
Lastly, ZDNet shared the credentials list with trusted and vetted security researchers who volunteered to contact and notify ISPs and server owners.
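The following is an added example, not code from the report or from the researchers it describes, showing the defensive half of the workflow above: an ISP or cloud operator who receives such a list wants to know which entries fall inside the address ranges it is responsible for, and which credential pairs dominate, without ever logging in to the devices. The three-field `ip:user:password` line format, the sample rows and the `OWNED_RANGES` table are all constructed for illustration; the real list's exact layout is not given in the report, so adjust `parse_bot_list` if yours differs.

```python
"""Triage a leaked Telnet 'bot list' against address ranges you operate.

Added illustration; the line format and all sample data below are assumed,
not taken from the actual leaked list.
"""
import ipaddress
from collections import defaultdict

# Constructed sample rows in an assumed 'ip:user:password' layout.
# Addresses are from the documentation ranges (RFC 5737 / RFC 3849).
SAMPLE_LIST = """\
# ip:user:password
203.0.113.17:admin:admin
203.0.113.200:root:root
198.51.100.5:root:root
192.0.2.45:admin:admin
198.51.100.77:admin:1234
2001:db8::1:root:root
not-a-valid-line
999.1.1.1:root:root
"""

# Hypothetical ranges an operator is responsible for, keyed by a label.
OWNED_RANGES = {
    "home-broadband-pool": ipaddress.ip_network("203.0.113.0/24"),
    "cloud-tenant-block": ipaddress.ip_network("198.51.100.0/25"),
    "v6-block": ipaddress.ip_network("2001:db8::/32"),
}


def parse_bot_list(text):
    """Return a list of (ip_address, user, password) tuples.

    Splits from the right so IPv6 addresses (which contain ':') parse;
    a password containing ':' would be ambiguous in this layout anyway.
    Malformed lines, comments and unparsable addresses are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.rsplit(":", 2)
        if len(parts) != 3:
            continue
        ip_str, user, password = parts
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            continue
        entries.append((ip, user, password))
    return entries


def match_owned(entries, owned):
    """Map each owned-range label to the (ip, user) pairs found inside it.

    Passwords are deliberately left out of the result: a notification to
    a customer or server owner needs the address and account, not the secret.
    """
    hits = defaultdict(list)
    for ip, user, _password in entries:
        for label, net in owned.items():
            # Membership is version-aware: an IPv4 address is never 'in' a v6 net.
            if ip in net:
                hits[label].append((str(ip), user))
    return dict(hits)


def default_credential_stats(entries):
    """Count (user, password) pairs, most common first."""
    counts = defaultdict(int)
    for _ip, user, password in entries:
        counts[(user, password)] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    parsed = parse_bot_list(SAMPLE_LIST)
    print(f"{len(parsed)} usable entries")
    for label, pairs in match_owned(parsed, OWNED_RANGES).items():
        print(f"{label}: {len(pairs)} device(s) to notify")
        for ip, user in pairs:
            print(f"  {ip} (account: {user})")
    print("most common credential pairs:")
    for (user, password), n in default_credential_stats(parsed)[:3]:
        print(f"  {user}:{password} x{n}")
```

Two caveats a practitioner should keep in mind when using output like this: the list is dated October-November 2019, so a match is a lead to verify through your own inventory or a port-23 exposure check, not proof the device is still reachable with that password; and, as the report notes, actually authenticating to someone else's device with leaked credentials is illegal, so the notification should go to the owner without the credentials being exercised.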