Chinese Products Used in Massive DDoS Attack on US Websites

Your Chinese-made DVD player may be part of a cyberattack

A Chinese company has admitted many of its electronic products were hacked and used as part of a cyberattack that shut down a number of major US internet websites last week.

Hangzhou Xiongmai Technology said weak passwords utilized in its DVRs and security cameras allowed them to be commandeered as part of a massive distributed denial of service (DDoS) attack that shut down websites like Twitter, Paypal, and Spotify.

A malware called Mirai has been taking advantage of the security lapse in Xiongmai products, which have online capability often referred to as the Internet of Things. Mirai then uses this army of zombified Xiongmai products to overwhelm internet traffic with a deluge of information, thereby shutting them down.

“Mirai is a huge disaster for the Internet of Things,” Xiongmai said in an email to IDG News Service. “(We) have to admit that our products also suffered from hacker’s break-in and illegal use.”

Internet provider Level 3 Communications estimates that some 500,000 Xiongmai devices are infected with Mirai malware. Xiongmai is advising its customers to update the firmware to their products as well as change passwords and usernames in order to stop them from being hacked.

In March of last year, China was blamed for a massive DDoS attack that shut down coding website GitHub. Technology experts say the “Great Cannon” was responsible for redirecting ordinary internet traffic from Chinese search engine Baidu to turn it into a malicious DDoS attack.

Charles Liu

The Nanfang's Senior Editor