How the Chinese companies respond to the U.S.-network attack

Over The years , internet paralysis in several cities in the United States, including Twitter,Shopify,Reddit, and so on, a large number of internet-known websites for hours without normal access. The US Dyn company, which provides domain name resolution services for many websites , says the company has been subjected to massive "denial of service"(DDoS) attacks.

in the words of security researchers, it is called Mirai 's malicious files have been exploiting the flaws in "male" products, injecting malicious code, and using them to launch massively distributed denial of service attacks.

even if the cause of the paralysis has not been identified, the U.S. website Kerbsonsecurity that "male mai technology" and other companies to produce modules can not be repaired, these devices will only be broken after the network to stop the attack. Even if the cause of the paralysis has not yet been identified, Kerbsonsecurity has advised manufacturers to recall such extremely poor security products worldwide and to take responsibility for the incident.

The three-point statement of the MAI message counter-attack

as "the world's leading security video product solution and technology provider," How does the information itself respond to accusations from the U.S. website ?

Ten months later, the information of the male in the official debate on the reply, in the first point out that the relevant website reports are not real, on the equipment safety issues explained, roughly two points:

First, most of the security issues are because the user does not change the default password generation, this is also the most easily exploited and breakthrough, so remind users to change the password in time.

The second is for the embedded device telnet attack, the male mai early in the year 4 months before the relevant products closed the port. Therefore, in response to 4 months after the product, hackers are not able to use the port to attack, and for the year 4 months before the production of products, the company has provided a firmware upgrade procedures, If you are concerned about risks, you can resolve them by upgrading.

summing up the above statement, Xiong Mai information in the description that, even if the hacker to attack the male Mai equipment, also must be based on the following three prerequisites:1 , the device is used for 4 months prior to the firmware program ; 2. Device User name password is the default , 3, the device directly exposed to the public network ( do DMZ mapping ), no firewall.

"Any one of these conditions is not available and no male devices can be attacked or manipulated, so this attack has little impact on the actual use of the male device," said the information. And for the domestic network equipment for the male, because all use peer and forward technology (do not need to do DMZ mapping ), hackers more unlikely to attack. As a starting-up of the bank monitoring system, Xiong is not only attaching importance to security technology but also advantages. "

However, the network Security Center , Pkav Technology House Community founder said, from the hacker attack technology, based on the cloud control of the male intelligent security products may indeed have some loopholes, "I have bought a male product of the smart plug, also after some research, then technically, the firmware program and password are not difficult, Whether to connect to the public network is the problem--and from home cameras and smart plugs, remote control is what users buy. "

Xiong Mai Information statement

recently, said in the United States large-scale network survey, the company produced by the male Mai DVR has been involved in this DDoS attack because of the security performance problem after being hacked . For its untrue remarks, the statement is as follows:

first, the products involved in the attack mainly from the male and the facts do not match. But most of the smart devices involved in the Internet of things have been hacked ;

second, the number of millions of products by hackers to take part in this attack and the facts do not match. The company's products are embedded closed systems, products can not be manipulated by unscrupulous elements ;

third, the attack of the male product is not used and the facts do not match. This attack does not have any effect on the male products, as of now, no official quality incident report or official letter of assistance for the attack was received by the company .

four, the male Mai products can not be repaired after the attack is inconsistent with the facts. This event hacking control products are mainly to take advantage of the user did not change the initial password in a timely manner, such as the user change password the problem of natural solution, once sensational "Black Swan Incident", "Security door incident" and other specific embodiment of the aforementioned issues ;

Five, the company produced products are in line with the national or industry standards, its product safety is also in line with the corresponding market access principles. According to news reports, the incident, the U.S. Department of Homeland Security and the FBI has been involved in the investigation, there is no investigation results ;

Finally, to the relevant organizations or individuals do not make statements, slander our business reputation behavior, our company has made relevant evidence preservation, if the infringer failed to stop the infringement or the consequences of infringement damage expanded, then we will further through the legal channels to investigate all the legal responsibility of the infringer, we reserve the right to legal investigation.

How the Chinese companies respond to the U.S.-network attack