25,000 Zombie Security Cameras Pounce On Computers Worldwide

Criminals are using a massive network of hacked CCTV security cameras to crash computers around the world.

The 25,000-strong botnet may be the largest found yet. Security firm Sucuri discovered the extent of the evil web while investigating an online "distributed denial of service," or DDoS, assault against an ordinary jewelry store.

The shop's website was knocked offline after drowning in tens of thousands HTTP pings per second.

When Sucuri attempted to thwart the network tsunami, the botnet stepped up its output and discharged even more pings per second against the store's website.

When Sucuri dug into the source of the bogus network traffic, it found the pings were all coming from internet-connected CCTV cameras – devices that had been remotely hacked by miscreants to attack other systems.

"It is not new that attackers have been using [internet of things] devices to start their DDoS campaigns, however, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long," said Daniel Cid, an executive at Sucuri.

Around a quarter of the zombie cameras were located in Taiwan, with another 12 percent in the United States and just under 10 percent in Indonesia. In all, infected systems in 105 countries were used in the attacks. 

An early analysis of how the cameras were hacked points the blame at a security hole in DVR boxes used by many CCTV cameras. The vulnerability was discovered in March. But CCTVs are not high on the patching priority list of most people.