The Telnet passwords of 515 thousand devices go online


An anonymous hacker has released a list of Telnet credentials for more than 515 thousand servers, home routers and smart IoT devices. The list, made public on a popular hacker forum, includes the IP address of each device together with the username and password pair that grants access to it via the Telnet protocol, which is used to access and control systems and devices remotely over the Internet.

The list was probably made by scanning the entire Internet for devices exposing an open Telnet port; the hacker may then have tried, in an automated fashion, default username/password combinations or combinations that are easy to guess.

Lists of this kind are called "bot lists" in jargon, and they are a common component in building an IoT botnet. Hackers scan the Internet to build bot lists and use them to connect to vulnerable devices and install malware. Usually these lists are not disclosed, although similar cases have happened in the past, such as the list of 33,000 Telnet logins for home routers that circulated online in August 2017. In any case, the list published in recent days is the largest set of Telnet login credentials ever circulated.

ZDNet has collected some information on the matter, and it seems that the list was published online by the operator of a DDoS-for-hire service. The credentials date back to October and November 2019, so it is possible that some of the devices (it is not known how many) have since changed their IP address and/or access credentials.


However, even if the list contains invalid credentials, it is of incredible value to an experienced attacker. Badly configured devices are not spread evenly across the Internet; they are often found grouped on the network of a single connectivity provider, because sometimes the devices are misconfigured by the provider's staff when they are installed at customers' premises. In a scenario like this, an attacker could take an IP address included in the list, identify the connectivity provider's network and scan that network to update the list with the new IP addresses.

The advice, in this case, is to make sure that you do not have devices protected by a factory-set username/password and, when possible, to protect the home network with a firewall.
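As an added example (not part of the original article), the following script checks which devices on your own home network still answer on the Telnet port, so you know where to change factory credentials or disable the service. The function names, the inventory and its addresses are assumptions made for illustration, and the Telnet detection is a heuristic based on the option negotiation that Telnet servers usually send first.

```python
import ipaddress
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)


def check_telnet(host, port=23, timeout=2.0):
    """Return 'closed', 'open' or 'telnet' for one device on your own network."""
    addr = ipaddress.ip_address(host)
    # Only private or loopback addresses are accepted: this audits your own LAN.
    if not (addr.is_private or addr.is_loopback):
        raise ValueError(f"{host} is not a private address; audit only your own LAN")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                greeting = sock.recv(64)
            except OSError:
                # Port accepted the connection but sent nothing in time.
                greeting = b""
    except OSError:
        # Refused, filtered or unreachable: nothing is listening for us.
        return "closed"
    # Heuristic: Telnet servers usually start with option negotiation (IAC ...).
    return "telnet" if greeting[:1] == bytes([IAC]) else "open"


def audit(inventory, port=23):
    """Map each device name to its Telnet exposure status."""
    return {name: check_telnet(ip, port) for name, ip in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; replace with the devices you own.
    devices = {"router": "192.168.1.1", "camera": "192.168.1.20"}
    for name, status in audit(devices).items():
        print(f"{name}: {status}")
```

Any device reported as `telnet` or `open` should have its default password changed and, where the device allows it, Telnet turned off or blocked at the firewall.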

