Last week, Noah posted about an here about a DDoS attack that was triggered by a botnet that compromised enough Internet of Things devices to generate 600 Gigabits per second of bogus internet traffic.
Fast forward one week and the code for this DDoS is now publicly available, has a catchy name (Mirai), and has compromised devices in as many as 177 countries. It is very simple code that targets insecure routers and devices with simple default passwords.
I was at a Cybersecurity panel discussion last week and one of the presenters said that he discovered that one of his zwave devices was recently compromised and was hogging all of the bandwidth on his network. It made me think of this story and start to wonder about my own network. So far things seem normal on my network, but has anyone else experienced any of the Mirai symptoms?
The motivations behind selling or releasing a hack are very different. We’ve seen users try to auction off tools for bitcoins in order to profit. Releasing a hack seems like a sign of anger and wanting to see how much damage the hack can do. Hopefully the next step is reverse-engineering and finding a way to patch the vulnerabilities. I think this will be very hard to stop the botnets themselves as a lot of people won’t even know that their DVRs and security cameras are pinging a website over and over. Also, the poster mentioned the DDoS Industry and that they’re already retiring after making their money, which confirms that there is a lot of money in illegal activities.
Also, releasing the source code once the Feds are on to you ensures that the source code is in many different places which makes it harder for the authorities to pinpoint. So far I haven’t experienced any symptoms, but I definitely feel that access to the source code is a good way to see how these DDoS attacks work.