Hackers release Mirai into the wild

0

WHY THIS MATTERS IN BRIEF

  • As more “Smart” things are connected to the internet they all become targets that can be used to take part in huge DDoS attacks, and without global, or even regional, security standards for IOT devices it’s likely that these attacks will become more frequent, and potentially more deadly


 

After inflicting heavy damage on  KrebsOnSecurity, and other web servers, in what transpired to be the largest DDoS attacks in history, which took down part of the Eastern United States and Europe’s internet, the creator of the Mirai botnet, a program designed to harness insecure IoT devices to run massive DDoS attacks, has apparently released the source code on Github.

 

RELATED
Elon Musk warns that AI could "become an immortal dictator"

 

The compact C code is designed to run on IP cameras and other Internet of Things (IoT) devices. It tries various hardcoded root passwords, infects the device, and then sends out traffic to a preset target. You can see the code containing the hardcoded passwords in this file called scanner.c.

 

 

Hackers originally used the botnet to send a 620 Gbps DDoS to KrebsOnSecurity earlier in the year and while the system’s powerful it’s easily thwarted by rebooting the offending IoT devices and updating their passwords and firmware – which is much harder than it sounds, particularly given the lack of IOT security standards and lack of coordination between providers.

“With Mirai, I usually pull max 380k bots from telnet alone,” write Anna-senpai, the hacker who released the code on Hackforums, “however, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”

Krebs doesn’t believe the release is altruistic especially given his penchant for getting hackers arrested.

 

RELATED
The death and rebirth of Moore's Law

 

“It’s an open question why anna-senpai released the source code for Mirai, but it’s unlikely to have been an altruistic gesture – miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home,” he said, “publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants.”

The code is on Github now and appears to be legitimate and while we  haven’t compiled it there is enough interesting info in the files themselves that it could make an educational project for researchers and, sadly, a compact tool for more nefarious uses.

About author

Matthew Griffin

Matthew Griffin, described as “The Adviser behind the Advisers” and a “Young Kurzweil,” is the founder and CEO of the World Futures Forum and the 311 Institute, a global Futures and Deep Futures consultancy working between the dates of 2020 to 2070, and is an award winning futurist, and author of “Codex of the Future” series. Regularly featured in the global media, including AP, BBC, Bloomberg, CNBC, Discovery, RT, Viacom, and WIRED, Matthew’s ability to identify, track, and explain the impacts of hundreds of revolutionary emerging technologies on global culture, industry and society, is unparalleled. Recognised for the past six years as one of the world’s foremost futurists, innovation and strategy experts Matthew is an international speaker who helps governments, investors, multi-nationals and regulators around the world envision, build and lead an inclusive, sustainable future. A rare talent Matthew’s recent work includes mentoring Lunar XPrize teams, re-envisioning global education and training with the G20, and helping the world’s largest organisations envision and ideate the future of their products and services, industries, and countries. Matthew's clients include three Prime Ministers and several governments, including the G7, Accenture, Aon, Bain & Co, BCG, Credit Suisse, Dell EMC, Dentons, Deloitte, E&Y, GEMS, Huawei, JPMorgan Chase, KPMG, Lego, McKinsey, PWC, Qualcomm, SAP, Samsung, Sopra Steria, T-Mobile, and many more.

Comments

Your email address will not be published. Required fields are marked *