It was recently announced that a credit union, whose identity and location were withheld, became a victim of its very own infected DVR. Thinking they had become the victim of an outside attack, the credit union had actually posted a warning to its customers on their website regarding the possibility of being at risk for security breaches without even realizing the security breach wasn’t coming from an unknown source, but from its very own network. A security intelligence firm hired by the credit union was the one to break the news that they had actually been the ones who unknowingly opened security back doors that allowed themselves to be targeted for attacks.
But of all things, a DVR is to blame? Isn’t it usually an actual computer that’s to blame for security network breaches? According to NorseCorp (the company hired by this credit union to monitor their security network) chief technology officer Tommy Stianson, there are at least 10,000 hacked DVRs currently in use in the United States alone. This particular DVR had no firewall and therefore had no protection against what ended up infecting it: Zeus, a version of the banking Trojan that simply waited for customers to enter in their account information online to commit theft. Banking Trojans infect computers by using corrupt email messages or websites to gain access to a security network, and then simply wait for customer login information to be entered, at which time every account connected to that login information can be bled dry. What makes banking Trojans so scary is their ability to make account holders’ accounts appear normal online, as if all their transactions are occurring as they’re supposed to, so account holders don’t realize their accounts have been hacked into and cleaned out until they receive their monthly bank statements. By then, then money is almost always long gone. And yes, a DVR can be to blame for something this catastrophic because it contains a computer; so as technology continues to advance and more and more of the items we use on a day-to-day basis have some sort of computer controlling them, stories like this one will become more and more common.