Kevin BeaumontFeb 6, 2024

The three million toothbrush botnet story isn’t true.

Here’s the original source of the story: https://archive.is/2024.01.30-203406/https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes.

Show threadKevin BeaumontFeb 6, 2024
The toothbrush thing has gone viral despite it being total bollocks.
Show threadKevin BeaumontFeb 7, 2024

Now NoName have picked up the fake toothbrush story as propaganda for their members.

Good job, Fortigate.

Show threadKevin BeaumontFeb 7, 2024
Fortigate haven’t replied to my PR question about it. Given this is several times the size of the world’s biggest botnet, you’d think they’d have any evidence.. at all.
Show threadKevin BeaumontFeb 7, 2024
Show threadKevin BeaumontFeb 7, 2024

Kudos to @BleepingComputer for doing actual journalism.

Fortinet also declined to comment to me.

It's a completely made up story, which is now being circulated as Russian propaganda.
https://www.bleepingcomputer.com/news/security/the-unlikely-3-million-electric-toothbrush-ddos-attack/

The unlikely 3 million electric toothbrush DDoS attack

A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.

BleepingComputer
Show threadgrimmwareFeb 7, 2024
@GossiTheDog @BleepingComputer yeesh, declining to comment whilst their stock price spikes is some cynical shit. I'd like to hope this would damage trust in them but I'm not feeling that naive today.
Show threadTim LavoieFeb 7, 2024

@grimmware @GossiTheDog @BleepingComputer
You might think that Fortinet having had backdoors of their own (e.g. https://rhinosecuritylabs.com/enterprise-security/fortinet-backdoor-found-ssh-netscreen/), as well as critical RCE vulns, might affect the stock price too.

Possibly related: I've got a Fortigate 100D sitting here, unused in ages, if anyone wants to cover shipping etc.

Fortinet Backdoor Found in FortiGate Firewalls - Rhino Security Labs

Security researchers uncover hard coded SSH Fortinet backdoor vulnerability in FortiGate enterprise firewalls.

Rhino Security Labs
Show threadgrimmware
@tim_lavoie @GossiTheDog @BleepingComputer strangely enough you're not really selling the Fortigate ;)
Feb 8, 2024 at 11:51amWeb