Alleged Brickerbot creator Janit0R stands down from hectic career of compromising IoT devices.
Janit0r, the alleged creator of BrickerBot, a piece of malware designed to damage insecure IoT devices so severely that they become redundant, has apparently retired, but not before claiming to have ‘bricked’ over 10 million IoT devices in his recent career.
The resignation letter came in the form of an email to computer help site, Bleeping Computer. Earlier in the year, the person behind the ‘Janit0r’ nickname, a self-professed ‘grey hat’ hacker, claimed that they invented the malware strain to brick IoT devices as a sort of ‘internet chemotherapy’, which could be used to damage vulnerable devices before they got infected with the Mirai malware.
Read more: BrickerBot ‘creator’ claims two million IoT devices have been destroyed
A brief history of Brickerbot
The Brickerbot malware was first detected in April this year. It works by searching the internet for vulnerable IoT devices, and then using exploit code to breach the equipment and rewrite the device’s flash storage with alternative data. This leaves many devices having to be reinstalled or even replaced altogether as the malware can even rewrite the firmware on the device.
Its author has claimed in several emails to have been behind many attacks and outages across the world, including ones against US and Indian internet service providers. However, the supposed perpetrator sent an email to Bleeping Computer announcing his sudden retirement.
They claim to be ‘retiring’ because although the project had been a technical success, they were worried that it was also having a “deleterious effect on the public’s perception of the overall IoT threat”.
“Researchers keep issuing high-profile warnings about genuinely dangerous new botnets, and a few weeks or even days later, they are all but gone. Sooner or later, people are going to start questioning the credibility of the research and the seriousness of the situation,” Janit0r wrote, pointing to the cases of the Persirai, Hajime and Reaper botnets.
Read more: European Parliament pushes on IoT device security and interoperability
Progress made, but not enough
Janit0r added that while there had been some progress over the past year, with proposals for new security standards, people, organizations and governments were still not doing enough or moving quickly enough. “We’re running out of time,” they added.
“Because of this, I’ve decided to make a public appeal regarding the severity of the situation. Taking credit for all the carnage of the past year has serious downsides for me and my mission… However I also recognize that if I keep doing what I’m doing, then people of influence may simply perceive the IoT security disaster as less urgent, when in reality they should consider it an emergency requiring immediate action,” they stated.
Operators of IoT DDoS botnets were taking precautions against BrickerBot, and this made Janit0r’s work even more challenging, they said, and they are wary of legal repercussions.
“There’s also only so long that I can keep doing something like this before the government types are able to correlate my likely network routes (I have already been active for far too long to remain safe),” Janit0r wrote.
“For a while now my worst-case scenario hasn’t been going to jail, but simply vanishing in the middle of the night as soon as some unpleasant government figures out who I am.”
Read more: Reaper IoT botnet proves less virulent than expected
Severe disruption ahead
As well as advising users to take sanctions against vendors that do not deliver security updates efficiently, the BrickerBot author suggested that ISPs use tools like Shodan to audit their networks and isolate ports and services that don’t need to be online. The internet, they warned, “is only one or two serious IoT exploits away from being severely disrupted”.
Ian Hughes, IoT analyst at IT advisory firm 451 Research, acknowledged that IoT security is a significant concern, but warned that companies are mainly paying attention to security holes when a public release of information forces the issue.
“A more credible approach is offering a bounty or proper reporting scheme to have problems raised and acted upon. The IT industry is full of examples of problems found and ignored, or attempted to be hidden, until they are made public, and IoT continues that unfortunate tradition,” he said.
Read more: Andromeda IoT botnet dismantled by international cyber taskforce