Slashdot Mirror


Mirai Botnet Attackers Are Trying To Knock Liberia Offline (zdnet.com)

Zack Whittaker, reporting for ZDNet: One of the largest distributed denial-of-service attacks happened this week and almost nobody noticed. Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1 Tbps -- more than double the attack a few weeks earlier on security reporter Brian Krebs' website, which was about 620 Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things devices. This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country, Liberia, sending it almost entirely offline each time. Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack was one of the largest capacity botnets ever seen. One transit provider said the attacks were over 500 Gbps in size. Beaumont said that given the volume of traffic, it "appears to be owned by the actor which attacked Dyn." An attack of that size is enough to flatten even a large network -- or as was seen this week, a small country.

Update: 11/03 19:37 GMT: The title of the story (same as ZDNet's story) was updated to mention the name of the country. The summary was updated to reflect the same, as well.


  1. which damn country? by Anonymous Coward · · Score: 3, Informative

    Is that too hard to put in the post, which country?

    It's Liberia.

    1. Re:which damn country? by sciengin · · Score: 3, Funny

      Mod him up please.

      I almost considered to RTFM.
      Thanks to him I was saved.

  2. Whelp hope America is prepared on Election Day... by Dust038 · · Score: 2

    Given the last response, anyone else have a bad feeling that on November 8th we're going to have a Blackout in America?

  3. Eurocentrism by FranklinWebber · · Score: 5, Informative

    It's not just the post: the linked article fails to name the country until the 7th paragraph.

    Re: "small, little-known African country":
    -- Liberia has more land area than Portugal or Hungary or Austria.
    -- Liberia is well-known to USers as a destination for freed slaves in the 19th century.

    Seems like the author of the article could use a broader perspective.

    1. Re:Eurocentrism by nukenerd · · Score: 2, Interesting

      > Re: "small, little-known African country":
      > -- Liberia has more land area than Portugal or Hungary or Austria.
      > -- Liberia is well-known to USers as a destination for freed slaves in the 19th century ... Seems like the author of the article could use a broader perspective.

      You could do with some broader perspective too. Not everyone in the World is interested in a 19th century destination for freed US slaves, even if it interests some Americans as such. In the UK here I doubt that one person in 20 could point to it on a map or even know that it is in Africa. It did have a claim to fame once as having the largest fleet of merchant ships in the world (as a flag of convenience). Land area has nothing to do with it.

      Oh, before you accuse me of narrow-mindedness, I am a bit exceptional in that I once had a Liberian GF, who claimed descent from those slaves, and said there was a lot of tension today between such descendants (who tend to form the upper classes) and the "natives" of Liberia because obviously the slaves did not necessarily originate from Liberia. The ex-slaves were imposed on the natives by the USA in a fit of idealism; in fact it was a USA colony although that can only be whispered as the USA is supposed to be against colonialism. The capital Monrovia was named after the US president Monroe, and the flag is obviously inspired by the Stars and Stripes.

      My GF said that the whole place is a shit-hole, in a state of more-or-less permanent civil war, gang warfare and broken infrastructure. She never wanted to go back there again.

  4. Small-Scale Testing? by sehlat · · Score: 5, Insightful

    Why do I have the feeling that this is a dry run, with bigger target(s) in mind?

  5. Re:Demonstrates some simple things by wierd_w · · Score: 3, Insightful

    Here is how you do it:

    1) The device ships in "Insecure, please rape the shit out of me!" mode, with open Telnet, and a default root password.

    2) The software that comes with the IoT device looks for this unsecured bundle of filth. It then generates a random 32-byte password, stores it in its local config file for the device, sets it on the device, and tells the device to generate a new crypto key pair. It then connects over the secure connection, and remotely disables the telnet port. It does all this while the user looks at pretty pictures or something.

    3) Once the device is in "Secure mode", it no longer listens on any port for telnet traffic, and does everything over SSH with the generated keys, and the random password.

    All the user has to do is "insert the damn CD into the tray and set up the device, idiot." and off they go with a secured device.

    For those of us with the inclination, we can start with the unsecured mode, manually log in via telnet, and set it up the way WE want.

    Everyone happy.

  6. Re:Demonstrates some simple things by Pascoea · · Score: 2

    > 1) The device ships in "Insecure, please rape the shit out of me!" mode, with open Telnet, and a default root password.

    And will only stay on in "rape me" mode for 5 minutes at a time; if the config process hasn't been completed it shuts off until the user unplugs it and plugs it back in. And the default password shouldn't be "password" or "000000"; it should be unique to the device. In this day and age there is no reason you can't generate a random password during manufacturing and put a sticker on the side of it.
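The provisioning flow proposed in the two comments above (wierd_w's setup steps plus Pascoea's 5-minute window and per-device sticker password), modelled as a small state machine. This is an added example, not code from either commenter or from any vendor; the `Device` class, `run_setup` and all other names are hypothetical, and the key-pair generation and SSH transport from step 2 are left out so the sketch stays on the credential rotation and the setup window.

```python
import hmac
import secrets
import time

SETUP_WINDOW_S = 300  # the 5-minute setup window from the second comment


class Device:
    """Toy model of the device side (hypothetical, not real firmware)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        # Unique per-device factory password, as printed on the sticker.
        self.sticker_password = secrets.token_urlsafe(12)
        self._secret = self.sticker_password
        self.telnet_open = False
        self.provisioned = False
        self.power_cycle()

    def power_cycle(self):
        # Only an unprovisioned device reopens the setup window on power-up.
        self._boot = self._clock()
        self.telnet_open = not self.provisioned

    def _window_open(self):
        if self.telnet_open and self._clock() - self._boot > SETUP_WINDOW_S:
            self.telnet_open = False  # window expired: stop listening
        return self.telnet_open

    def telnet_login(self, password):
        # Constant-time comparison; refused outright once the port is closed.
        return self._window_open() and hmac.compare_digest(password, self._secret)

    def provision(self, factory_password, new_secret):
        """Setup-software path: rotate the credential, then close telnet."""
        if len(new_secret) < 32 or not self.telnet_login(factory_password):
            return False
        self._secret = new_secret
        self.telnet_open = False
        self.provisioned = True
        return True


def run_setup(device, sticker_password):
    """Host side: generate the random 32-byte credential and apply it."""
    new_secret = secrets.token_hex(32)  # 32 random bytes, hex-encoded
    return new_secret if device.provision(sticker_password, new_secret) else None
```

Passing a fake `clock` callable to `Device` lets the window expiry be exercised without waiting five minutes.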

  7. static host files by h4ck7h3p14n37 · · Score: 2

    Why don't affected organizations simply publish a host file for people to use until DNS service has been restored?

  8. Here's an acronym... by knorthern+knight · · Score: 3, Insightful

    > Both are true. The devices are insecure by design, and are not secured in practice.

    Insecurely Designed Internet Of Things

    Acronym... IDIOT

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user