ReportWire

Tag: Denial-of-service attack

  • Did a Hacker Gang Create a Botnet Out of 3 Million Electric Toothbrushes?

    The answer is: No, but you’d be forgiven for having believed that was the case since a viral news story made the rounds earlier this week claiming it was so.

    The story in question was published by a Swiss newspaper, Aargauer Zeitung, and claimed that three million electric toothbrushes had been tied into a botnet, which was then used by cybercriminals to carry out a financially damaging DDoS attack on a Swiss company’s website. The sources of the story were researchers from Fortinet, a well-known security company based in California.

    This story, which sounded just crazy enough to be true, was subsequently recycled by numerous English-speaking outlets, including Tom’s Hardware, ZDNet, and others. There was a certain logic to it. Cybercriminals can be very creative when it comes to using smart hardware to build malicious networks; the Mirai cybercriminals notably used over 100,000 smart devices to build one of the most notorious botnets ever. Why not use a smart toothbrush or two?

    The problem, however, is that not all smart devices are built alike. The toothbrush story unraveled after security experts on X began chiming in about the ridiculousness of this scenario. Some said that it was basically impossible, given that smart toothbrushes connect over Bluetooth, not the internet. A story from 404 Media cited skeptical security experts, who called into question the validity of the narrative.

    Now, the story has been officially deemed false. According to Fortinet, the Swiss journalists who initially spread the story misinterpreted their researchers during an interview, which then caused U.S. outlets to uncritically pick up the false narrative and further circulate it. In a statement shared with ZDNet, Fortinet clarified that the toothbrush incident had not actually happened, and was more of a thought experiment than anything:

    “To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.”

    Covering cybersecurity as a journalist can be tricky. Many stories are pitched as research by security companies, and those companies are incentivized to elaborate a bit in their research findings to get more attention for their business. Indeed, the Swiss newspaper at the center of the toothbrush drama has now come out and blamed Fortinet for falsely claiming that the story was real. The paper claims, in a statement posted to its website, that the excuse of a “translation error” is, itself, made up:

    [Translated from German by Google Translate] What the Fortinet headquarters in California is now calling a “translation problem” sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats…

    Fortinet provided specific details: information about how long the attack took down a Swiss company’s website; an order of magnitude of how great the damage was. Fortinet did not want to reveal which company it was out of consideration for its customers.

    The text was submitted to Fortinet for verification before publication. The statement that this was a real case that really happened was not objected to.

    Gizmodo reached out to Fortinet for more information on how this tall tale got so much circulation and will update our story if it responds.



    Lucas Ropek

  • YouTuber Accuses Casetify Of Copyright Theft, Has Receipts

    There’s a brilliant trick map makers use to prevent plagiarism, called “trap streets.” They deliberately add an entirely fictional road, or even entire imaginary towns (“paper towns”), so that if someone lifts their work without permission it’s immediately identifiable to them. Something very similar is at the center of claims that a billion-dollar phone case company has ripped off YouTuber JerryRigEverything.

    Zack Nelson, the man behind the enormously popular JerryRigEverything YouTube channel, has a neat sideline in phone cases. Working with phone peripheral company dbrand, he has released a series of phone and tablet cases under the label Teardown that almost exactly mimic what the devices look like on the inside.

    So it was with some surprise that Nelson and dbrand noticed Hong Kong-based Casetify selling something that looked similar. Very similar. But Casetify is a company that has sold over 25 million phone cases, and was described by the South China Morning Post as “one of the three biggest tech accessory brands in the world.” It seemed pretty unlikely that a business on that scale would be lifting his designs, right?

    The thing is, Nelson’s dbrand Teardown range has its own equivalent of trap streets. While the cases were deliberately super-accurate (scans of hardware were done at 2400dpi), each design was also scattered with in-jokes and easter eggs.

    For instance, dbrand was launched, like Skyrim, on 11.11.11, and as such, the number 11 was put around the word “SUB-SCRIBE” on an image of a ribbon. One of dbrand’s most popular case designs was “robot,” and the iPhone cases have “R0807” printed on one of the metal strips. And the thing is, according to Nelson, so do Casetify’s. Nelson even claims that dbrand’s own logo appears on Casetify’s designs.

    Now, Kotaku has no access to either version, and while it’s worth noting that Casetify’s versions—branded as “Inside Out”—have suddenly disappeared from their website, we only have Nelson’s claims to go on here, and make no accusations ourselves. But if those versions shown in the JerryRigEverything video really came from Casetify’s website, it certainly looks dubious.

    This starts to look even worse when Nelson points out some specific details, like how one of the Casetify designs has an image of half a camera lens printed above where the real lens pokes through, which is most easily explained by someone taking the image of the case from the dbrand website and creating the case from that, rather than scanning the actual physical object.

    The Casetify case, with its errant camera lens image.

    As a result, Nelson and dbrand have launched legal action against Casetify. Nelson’s rationale for taking this route is that “the biggest way to teach Casetify a lesson is with a multi-million dollar lawsuit.” However, he also states this isn’t about making himself money. He’s realistic about how unlikely actual financial gain is in cases like this, and says that should they win anything, the money would go toward his “The Rig” off-road wheelchair project.

    We reached out to Casetify to ask if it could provide any insight into the situation, and received a reply pointing us to a statement it put out on X earlier today. It’s interestingly phrased.

    Beginning by stating that they pride themselves in being a “bastion of originality,” the company goes on to say it is “currently investigating a copyright allegation against us.” The statement acknowledges that Casetify has “immediately removed the designs in question from all platforms.” And then it gets weird.

    “We are also investigating a DDOS attack that disrupted our website when the allegation surfaced,” it continues, which, whether intentionally or not, seems to suggest some manner of correlation. We’ve asked if the implication here was that the DDOS and allegations were from the same source and were told, “We cannot comment any further at this stage.”

    After assuring that all customer data is safe (DDOS attacks don’t threaten customer data, of course), it then concludes, “Thanks for your patience and support during this challenging time.” Er, OK. Weird tone. Thoughts and prayers.

    JerryRigEverything has promised to keep people up to date on its channel, and it’s hard not to want to grab some popcorn and subscribe. We’ve also reached out to Nelson for further comment.

     

    John Walker

  • Diablo IV Suffers Extended DDOS Attack

    Diablo IV was dealing with a DDoS attack, a message on the game’s main menu screen confirms. As a result, players kept getting disconnected from the always-online action-RPG during one of the highest traffic periods of the week.

    “We are investigating the login issues affecting Diablo IV and working to resolve these as soon as possible,” read a message from the Battle.net customer service account tweeted early on June 25. “Players may experience queues while we work on the issue.” Later in the day, however, the company confirmed it was still investigating the issues, and that the game was in fact dealing with a DDoS attack. DDoS stands for distributed denial of service, a type of cyberattack in which a system is flooded with traffic so that actual users can’t use the intended service.

    “We are currently experiencing a DDoS attack, which may result in high latency and disconnections for some players,” read an in-game announcement greeting confused players. “We are actively working to mitigate this issue.” Blizzard didn’t immediately provide any additional information or timeline for when the DDoS attack might stop or online play might resume as normal. Some players have reported being unable to play for nearly 12 hours.

    Social media, including the game’s popular subreddit, was predictably filled with players who would normally be logging on to play on a weekend morning posting about how they’re just continually refreshing the game’s main menu and customer service help accounts instead. Of course, depending on how you play Diablo IV, continually clicking the same button over and over might not be that different.

    Fortunately, if you’re reading this now, chances are very good that you can actually log into the game. According to Blizzard, after hours of downtime, the DDOS attacks it was monitoring have “ended.” However, in case some people are still having login issues, Blizzard recommends checking this out.

    While that’s good news, the situation overall is an unfortunate but familiar risk for any always-online game, and underlines what a bummer it is that there’s no offline way to play Diablo IV as a completely single-player experience. Diablo III was always-online as well, and in the years between the two games it’s become a much more commonplace requirement as more games pivot to being live services. Diablo IV has really leaned into that shift, including a controversial decision to force players to start a new character from scratch each season if they want to progress their corresponding battle pass.

    Then again, it wouldn’t be a Diablo launch without something for players to argue about.

    Ethan Gach
