Hacked DAHUA cam and added that names

If your users are having botnets add user names to their cams or NVRs, then the problem is not the cams or NVRs. It is the (lack of) firewall/modem/router that is letting them in.
Thank you very much...

And thank you for fully reading my message :)
I don't use port forwarding.
The process of adding a new hacked user was found in the logs:
A connection was made using p2p without a user name but with administrator rights.
After that, a new user was added
It was these tips of yours that really helped in solving the problem described.

But if I answer you seriously: I can advise you to check each of your cameras for hacking just in case

I really hope that YOUR vpn and firewalls helped you

I have video surveillance networks with different numbers of cameras
In some networks there are 3-5 of them, in other networks there are 500-600 of them.

Not all of them are hacked.
But it is enough if in a network of 300 cameras there are 10-15 hacked
 
As we have said, most of us don't allow the cameras to access the internet, so we are not experiencing the issues you see and thus have no hacked usernames in our account settings in the cameras.

Most here have isolated the cameras such that even when VPN into the system, all they have access to is the VMS and simply just the video feed and not the actual camera itself...
 
The simplest option for more secure access to your cameras is to use a service like tailscale or zerotier.
If you're using an NVR instead of a VMS, using one of these services would require running software on a PC that's always on.

In the broader context of what's happening / how the cameras are getting hacked, some possibilities to consider:
  • Other compromised devices on the LAN could be exploiting the camera / NVR, most likely the router or a computer on the network.
  • P2P depends on the security and trust of servers controlled by a third party that could be hacked or otherwise compromised by geopolitics.
  • P2P implementations (across manufacturers and firmware revisions) may not be that secure and may be vulnerable to interception of credentials / tokens in transit. If used, change passwords frequently.
  • Devices could be compromised somewhere in the supply chain before they even get to you.

Cameras / NVRs in your country are likely subjected to more attacks than most.

The best practice is generally to enforce security externally through the use of things like managed switches, VLANs, and firewalls. More active users here use VMS software on a PC than NVRs. If recording cameras to a PC using VMS software like Blue Iris, a relatively simple setup I often advocate for is adding a second NIC to the PC and connecting a switch with the cameras to that (all cameras assigned static IPs in a different subnet). The VMS (video management system) PC can run a local time server and run tailscale or zerotier. Alternatively, a firewall appliance of some variety (even an rPi with the right software) could provide secure access to an NVR and isolate it from the network.
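
Added example, not part of the thread and not any poster's own configuration: an nftables ruleset for a small Linux firewall appliance of the kind mentioned above, sitting between the LAN and a camera-only segment. The interface names, subnets, the viewer host address and the allowed ports are all assumptions to adapt, and the box is assumed to have IP forwarding enabled and to run the local time server.

```nftables
#!/usr/sbin/nft -f
# Added example. Every name, address and port below is an assumption.

# Recreate only this table so other rules on the box are left alone.
table inet camfw
delete table inet camfw

define LAN_IF  = "eth0"            # home/office LAN side
define CAM_IF  = "eth1"            # switch carrying cameras / NVR only
define CAM_NET = 192.168.50.0/24   # static camera subnet
define VIEWER  = 192.168.1.10      # the one LAN host allowed to reach cameras

table inet camfw {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Cameras may only ask this box for time (local NTP server).
        iifname $CAM_IF ip saddr $CAM_NET udp dport 123 accept
        # Administration of the firewall from the LAN side only.
        iifname $LAN_IF tcp dport 22 accept
        iifname $CAM_IF counter log prefix "cam-to-fw-drop: " drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Viewer host -> cameras: web UI and RTSP only.
        iifname $LAN_IF oifname $CAM_IF ip saddr $VIEWER ip daddr $CAM_NET tcp dport { 80, 443, 554 } accept
        # Anything a camera initiates (P2P cloud, DNS, updates) is
        # counted, logged and dropped.
        iifname $CAM_IF counter log prefix "cam-egress-drop: " drop
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

With this loaded, the cameras have no route to the internet or to the rest of the LAN, so P2P and UPnP on the devices have nothing to talk to, and the `cam-egress-drop` log lines show which cameras keep trying to connect out.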
 
I don't use port forwarding.
If UPnP isn't disabled at the router, sometimes a camera / NVR will use it to forward ports to the device.

Consider trying the "ShieldsUP!" service of Gibson Research Corporation, then try the UPnP exposure test and then scan all relevant ports (you'll have to manually enter some ports you should scan).
 
See this example of what happens when you don't properly secure your network.

 
P2P depends on the security and trust of servers controlled by a third party that could be hacked or otherwise compromised by geopolitics.
Agree, but doesn't this also apply to tailscale and zerotier as well as any other P2P provider?
 
Agree, but doesn't this also apply to tailscale and zerotier as well as any other P2P provider?
Yes, they are similar to other NAT traversal methods. But you're putting your trust in someone other than a Chinese manufacturer and in a product with cryptography / security that you can hopefully have a bit more confidence in.

You can also self-host a similar service with Netmaker: Remote Access VPN & Software Defined Networking
 