Slashdot Mirror


Mirai Botnet Attackers Are Trying To Knock Liberia Offline (zdnet.com)

Zack Whittaker, reporting for ZDNet: One of the largest distributed denial-of-service attacks happened this week and almost nobody noticed. Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1 Tbps -- more than double the attack a few weeks earlier on security reporter Brian Krebs' website, which was about 620 Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things devices. This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country, Liberia, sending it almost entirely offline each time. Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack was one of the largest capacity botnets ever seen. One transit provider said the attacks were over 500 Gbps in size. Beaumont said that given the volume of traffic, it "appears to be owned by the actor which attacked Dyn." An attack of that size is enough to flatten even a large network -- or as was seen this week, a small country. Update: 11/03 19:37 GMT: The title of the story (same as ZDNet's story) was updated to mention the name of the country. The summary was updated to reflect the same, as well.

3 of 73 comments

  1. Small-Scale Testing? by sehlat · Score: 5, Insightful

    Why do I have the feeling that this is a dry run, with bigger target(s) in mind?

  2. Re:Demonstrates some simple things by wierd_w · Score: 3, Insightful

    Here is how you do it:

    1) The device ships in "Insecure, please rape the shit out of me!" mode, with open Telnet, and a default root password.

    2) The software that comes with the IoT device looks for this insecure bundle of filth. It then generates a random 32-byte password, stores it in its local config file for the device, sets it on the device, and tells the device to generate a new crypto key pair. It then connects over the secure connection, and remotely disables the telnet port. It does all this while the user looks at pretty pictures or something.

    3) Once the device is in "Secure mode", it no longer listens on any port for telnet traffic, and does everything over SSH with the generated keys, and the random password.

    All the user has to do is "insert the damn CD into the tray and set up the device, idiot." and off they go with a secured device.

    For those of us with the inclination, we can start with the unsecured mode, manually log in via telnet, and set it up the way WE want.

    Everyone happy.
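The three-step setup flow in the comment above, worked through as an added example (this is not the commenter's code, nor any vendor's): a toy in-memory `Device` starts in the shipped state (telnet open, factory default root password), `provision()` performs step 2 and refuses to close telnet until the new secure channel is verified, and `audit()` lists whatever would still make the device attractive to a default-credential scanner. `Device`, `provision`, `audit` and the `FACTORY_DEFAULT_PASSWORD` value are all assumptions made for the example; the "key pair" is a stand-in built from random bytes plus a SHA-256 fingerprint rather than a real asymmetric key.

```python
"""Simulated IoT first-run provisioning and audit (added example, not code from the page)."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import List, Optional

FACTORY_DEFAULT_PASSWORD = "admin"   # constructed placeholder for a factory default


@dataclass
class Device:
    """Toy device state; a real device would expose these via its management interface."""
    telnet_open: bool = True                        # step 1: ships insecure
    root_password: str = FACTORY_DEFAULT_PASSWORD   # step 1: default root password
    ssh_enabled: bool = False
    host_key: Optional[bytes] = None                # stand-in for a generated key pair

    # --- management operations the companion software drives --------------
    def telnet_login(self, password: str) -> bool:
        return self.telnet_open and password == self.root_password

    def set_root_password(self, new_password: str) -> None:
        self.root_password = new_password

    def generate_host_key(self) -> str:
        # Stand-in for key-pair generation: 32 random bytes that never leave the device.
        self.host_key = secrets.token_bytes(32)
        self.ssh_enabled = True
        return hashlib.sha256(self.host_key).hexdigest()   # fingerprint the client pins

    def ssh_login(self, password: str, pinned_fingerprint: str) -> bool:
        """Client-side check: the host key must match what was pinned at setup time."""
        if not self.ssh_enabled or self.host_key is None:
            return False
        if hashlib.sha256(self.host_key).hexdigest() != pinned_fingerprint:
            return False
        return password == self.root_password

    def disable_telnet(self) -> None:
        self.telnet_open = False


def provision(device: Device) -> dict:
    """Step 2: move a factory-fresh device into "secure mode".

    Returns the local config record the companion software would persist.
    Raises RuntimeError if a step fails; telnet is only closed after the
    new SSH channel has been verified, so a failure never bricks the device.
    """
    if not device.telnet_login(FACTORY_DEFAULT_PASSWORD):
        raise RuntimeError("device not in factory-default state; refusing to provision")

    # 32 random bytes, URL-safe encoded (43 characters), not derived from anything guessable.
    new_password = secrets.token_urlsafe(32)
    device.set_root_password(new_password)
    fingerprint = device.generate_host_key()

    # Confirm the secure channel works BEFORE closing the insecure one.
    if not device.ssh_login(new_password, fingerprint):
        raise RuntimeError("SSH verification failed; leaving telnet open for recovery")
    device.disable_telnet()

    return {"password": new_password, "host_key_fingerprint": fingerprint}


def audit(device: Device) -> List[str]:
    """Step 3 check: every reason the device would still be picked up by a default-credential scanner."""
    findings = []
    if device.telnet_open:
        findings.append("telnet listener still open")
    if device.root_password == FACTORY_DEFAULT_PASSWORD:
        findings.append("root password is the factory default")
    if len(device.root_password) < 16:
        findings.append("root password shorter than 16 characters")
    if not device.ssh_enabled or device.host_key is None:
        findings.append("no per-device host key / SSH not enabled")
    return findings


if __name__ == "__main__":
    dev = Device()
    print("before:", audit(dev))
    cfg = provision(dev)
    print("after: ", audit(dev) or "no findings")
    print("pinned fingerprint:", cfg["host_key_fingerprint"][:16], "...")
```

The ordering inside `provision()` is the part worth copying: verify the new channel, then close the old one. Closing telnet first and only then discovering SSH does not work is how a setup tool turns a device that is merely insecure into one that is unreachable.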

  3. Here's an acronym... by knorthern+knight · Score: 3, Insightful

    > Both are true. The devices are insecure by design, and are not secured in practice.

    Insecurely Designed Internet Of Things

    Acronym... IDIOT

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user