You Can Now Rent A Mirai Botnet Of 400,000 Bots (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

You Can Now Rent A Mirai Botnet Of 400,000 Bots (bleepingcomputer.com)

Posted by EditorDavid on Sunday November 27, 2016 @10:35AM from the telnetting-for-dollars dept.

An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet, which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-$30,000.

After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices...that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total.
Interestingly, the article claims the botnet's creators had access \to the Mirai source code "long before it went public."

62 comments

Min score:

Reason:

Sort:

Or you can get a botnet for free... by Anonymous Coward · 2016-11-27 10:42 · Score: 5, Funny

By getting an article posted on slashdot and having the site you want DDoS'd linked in the summary :)
1. Re: Or you can get a botnet for free... by dougdonovan · 2016-11-27 10:50 · Score: 0
  
  the rental works :)
2. Re:Or you can get a botnet for free... by Anonymous Coward · 2016-11-27 11:34 · Score: 0
  
  Keep dreaming. The heyday is over, the readers are gone, and the Slashdot Effect has become a myth.
3. Re: Or you can get a botnet for free... by Anonymous Coward · 2016-11-27 14:42 · Score: 1
  
  5 visitors from Skashdot isn't going to ddos anyone.
4. Re:Or you can get a botnet for free... by Anonymous Coward · 2016-11-27 16:41 · Score: 1
  
  Maybe 10 years ago...
5. Re:Or you can get a botnet for free... by Anonymous Coward · 2016-11-27 19:35 · Score: 0
  
  I had an article linked here. It got me just 2,000 reads. The article on its own had already had 8,000. /. effect is long and gone.
6. Re:Or you can get a botnet for free... by Anonymous Coward · 2016-11-27 21:06 · Score: 0
  
  Probably a free jail sentence while you're at it. Watch entire governments grep all the traffic on the internet for that IRC handle now. (In regards to the last time Mirai botnet was used to take down most of the internet for like half a day.)
7. Re:Or you can get a botnet for free... by Anonymous Coward · 2016-11-28 00:52 · Score: 0
  
  Noone gives a fuck about some poor ddosing useless websites. Your perception is diseased, you see media reality instead of what is there. Also, why are you so afraid of prison, child?
8. Re: Or you can get a botnet for free... by Anonymous Coward · 2016-11-28 05:31 · Score: 0
  
  Reddit hug of death works better.
15k a week? by rsilvergun · 2016-11-27 10:44 · Score: 1

Jesus, I'm in the wrong line of work.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
1. Re:15k a week? by fahrbot-bot · 2016-11-27 10:52 · Score: 0
  
  Jesus, I'm in the wrong line of work.
  Hopefully someone will find them, drag them into the woods and put 2 in the back of their heads.
  [ He said with all the charity he could muster for people like that. ]
  
  --
  It must have been something you assimilated. . . .
2. Re: 15k a week? by dougdonovan · 2016-11-27 10:53 · Score: 0
  
  the wrong line of work i 2nd that
3. Re:15k a week? by turbidostato · 2016-11-27 11:05 · Score: 1
  
  Isn't capitalism a wonderful thing?
4. Re: 15k a week? by Anonymous Coward · 2016-11-27 11:52 · Score: 0
  
  No, Jesus was in the wrong line of work. Look what happened to him.
5. Re:15k a week? by _Sharp'r_ · 2016-11-27 12:06 · Score: 1
  
  So for $30K, you can patch 400K bot systems to never participate in another botnet? That's less than some companies pay in DDOS protection every month..... just an idea, guys.
  
  --
  The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
6. Re:15k a week? by Dutch+Gun · 2016-11-27 13:15 · Score: 1
  
  I'm pretty sure they don't give you direct control over the botnet. I'd suspect you can only direct who to attack, attack timing/duration, and how many bots.
  Maybe there's something you could do once you know all the IPs (for instance, you could direct them at a honeypot target), but a lot of malware closes the door behind itself once a device is compromised. I'm not sure how Mirai works, but I wouldn't be surprised if it behaved in a similar fashion.
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
7. Re:15k a week? by Anonymous Coward · 2016-11-27 17:33 · Score: 0
  
  Not enough deterrence. If one puts " 2 in the back of their heads" in the woods, and nobody is around, does anybody hear?
  Nah, you need plenty of Rope; check for sales at defender.com. And Lampposts, tall ones in full Public view. And don't just drop them, let them dangle for a while, kicking their puny legs, while we have some popcorn.
  This is all metaphorical of course. I don't even like popcorn.
Tomorrow will be interesting... by aaarrrgggh · 2016-11-27 10:50 · Score: 2

Cyber Monday could be interesting.

But seriously... other than causing chaos, does anything get accomplished with a DDoS that it provides some kind of value? I get the idea of a multi-pronged attack, but is there that much to gain?
1. Re:Tomorrow will be interesting... by CaptainDork · 2016-11-27 10:53 · Score: 2
  
  This.
  DDoS is vandalism.
  It pisses someone off; costs them; and the little botnet kiddies giggle.
  
  --
  It little behooves the best of us to comment on the rest of us.
2. Re:Tomorrow will be interesting... by cdsparrow · 2016-11-27 10:59 · Score: 1
  
  Potentially, if you had a wide enough reach and enough bots, you could take over a specific router somewhere and ddos lots of other points funneling traffic through your compromised pipe. On small scale this could be used to steal data, mitm attack, etc. The internet is fairly predictable at small scale where it will route packets around a road block you create.
3. Re:Tomorrow will be interesting... by CODiNE · 2016-11-27 11:06 · Score: 2
  
  It's good for masking actual intrusions. Distracting the IT guys from the data exhilaration going on.
  It's also useful for stopping up bank transactions long enough for the undo window to expire on fraudulent transfers. Say you do some real estate fraud and trick someone into wiring $200k to the wrong account. Doesn't do you any good if they catch it and roll it back in a day. Do the transfer, DDoS the heck out of the bank... that's well worth $15k a week.
  Script kiddies don't pay that kind of money to laugh about taking Walmart down for a few days. There's real money behind this stuff.
  
  --
  Cwm, fjord-bank glyphs vext quiz
4. Re:Tomorrow will be interesting... by Anonymous Coward · 2016-11-27 12:48 · Score: 0
  
  Distracting the IT guys from the data exhilaration going on.
  Glad I'm not the only one who sometimes gets a little too elated during an exfil.
5. Re:Tomorrow will be interesting... by magarity · 2016-11-27 13:57 · Score: 1
  
  does anything get accomplished with a DDoS that it provides some kind of value?
  Rent the botnet and instruct all the clients to download and install all their missing OS patches, install some AV software, and finally to uninstall the botnet client.
6. Re:Tomorrow will be interesting... by BlueStrat · 2016-11-27 15:25 · Score: 2
  
  This.
  DDoS is vandalism.
  It pisses someone off; costs them; and the little botnet kiddies giggle.
  It's also an asymmetric-warfare weapon of domestic and foreign dissidents against oppressive, authoritarian governments, which is the real, actual concern of those governments. This is particularly true in the US, as the government continues to become ever more authoritarian, corrupt, deceitful, and controlling, both domestically and in foreign affairs.
  Strat
  
  --
  Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
7. Re:Tomorrow will be interesting... by CaptainDork · 2016-11-27 15:47 · Score: 1
  
  DDoS is an inconvenience.
  It is not a problem.
  The attack on Dyn was mitigated in a few hours and we move on.
  Dyn should have been hardened to begin with.
  You and I can bring down a single web page by ourselves but we don't.
  
  --
  It little behooves the best of us to comment on the rest of us.
8. Re:Tomorrow will be interesting... by CODiNE · 2016-11-28 01:22 · Score: 1
  
  D'oh! Serves me right trying to use big words.
  
  --
  Cwm, fjord-bank glyphs vext quiz
9. Re:Tomorrow will be interesting... by geekmux · 2016-11-28 02:20 · Score: 1
  
  This.
  DDoS is vandalism.
  It pisses someone off; costs them; and the little botnet kiddies giggle.
  Given the impact of attacking DNS, and the proliferation of State-sponsored hacking groups, I think we can stop with the giggling kiddies references now.
  Not sure when we'll learn with DNS either. The security community has been preaching/bitching about the weaknesses of DNS for too damn long, and little has really been done to truly address the Achilles heel of the internet.
10. Re:Tomorrow will be interesting... by geekmux · 2016-11-28 02:22 · Score: 3, Insightful
  
  DDoS is an inconvenience.
  It is not a problem.
  The attack on Dyn was mitigated in a few hours and we move on.
  Dyn should have been hardened to begin with...
  Dyn should have been hardened? No, more like DNS as a whole should have been hardened fucking long ago.
  It's still the Achilles heel of the internet.
11. Re:Tomorrow will be interesting... by Anonymous Coward · 2016-11-28 02:28 · Score: 0
  
  I will agree that the US government has some corrupt and deceitful people but no more than any other governments around the world but I see no authoritarian tendencies on the domestic front. If the existing government was authoritarian and controlling Trump would have never been elected President. Some how the entrenched power base in both parties along with their wealthy backers were sidelined after spending millions of dollars to defeat Trump. And the US government is free to look out for number one when it comes to foreign affairs. Nobody ever does any favors for the US for free and US constitutional protections are not applicable outside of the US.. Every "friend" or "enemy" country on the planet run intelligence operations against the US every day and expecting the US not to return the favor is idiotic.
12. Re:Tomorrow will be interesting... by CaptainDork · 2016-11-28 02:37 · Score: 1
  
  I agree.
  
  --
  It little behooves the best of us to comment on the rest of us.
13. Re:Tomorrow will be interesting... by CaptainDork · 2016-11-28 02:39 · Score: 1
  
  Agrre,
  IT, in general, has been bitching to management about best practices.
  Risk/reward analysis, so far, is in favor of sloppy gate-keeping.
  
  --
  It little behooves the best of us to comment on the rest of us.
14. Re:Tomorrow will be interesting... by geekmux · 2016-11-28 03:35 · Score: 1
  
  Agrre,
  IT, in general, has been bitching to management about best practices.
  Risk/reward analysis, so far, is in favor of sloppy gate-keeping.
  Agreed. A job mired in Security is often difficult to justify good solutions when armed with FUD as a sales tactic.
  Sad we sometimes have to watch things implode in order for management to understand impact.
  Very sad when the end result of poor security is harm to humans. I am not looking forward to our IoT-enabled autonomous future with the way we perceive InfoSec today.
Just like Slashbot by Anonymous Coward · 2016-11-27 10:55 · Score: 0

Got slavertisements? Got political shit to say?
Rent Slashbot... Available right here!
Hunter Killer Teams by JustAnotherOldGuy · 2016-11-27 10:59 · Score: 0

I would approve of Hunter Killer teams solving this problem.

--
Just cruising through this digital world at 33 1/3 rpm...
1. Re:Hunter Killer Teams by Anonymous Coward · 2016-11-27 11:55 · Score: 0
  
  Hire the Mormons. They are amongst the best hunters on the planet. But you'll have to give up your daughter.
2. Re:Hunter Killer Teams by gtall · 2016-11-27 23:02 · Score: 1
  
  I know it is difficult to believe but not every problem can be solved by killing someone.
3. Re:Hunter Killer Teams by JustAnotherOldGuy · 2016-11-28 03:55 · Score: 1
  
  I know it is difficult to believe but not every problem can be solved by killing someone.
  That is difficult to believe.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
Mission complete by Tablizer · 2016-11-27 11:16 · Score: 0

It's available because Putin is finished using it.

--
Table-ized A.I.
For BOINC! by product_bucket · 2016-11-27 11:20 · Score: 1

There must be some low/non CPU intensive BOINC projects out there that could really appreciate this sort of 'net. I suppose it's probably not worth the time to get different router/IoT ASICs to actually run custom applications, compared with just pointing them to an IP for laughs.
1. Re:For BOINC! by drinkypoo · 2016-11-27 14:15 · Score: 1
  
  Those systems don't tend to have a lot of RAM either, so they are only capable of performing truly trivial tasks, like spying on you or participating in a DDoS.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
2. Re:For BOINC! by Anonymous Coward · 2016-11-27 14:36 · Score: 0
  
  This is the elephant in the room to me. It absolutely boggles my mind that this sort of applicability doesn't get brought up all as far as I've seen in all this recent discussion about IoT botnetting, Mirai, etc., although I suppose one would run into challenges getting anyone to sign off on this kind of stuff within academics. I would be surprised if there wasn't massive R&D happening underground if not already well established. We already have sort-of-distributed computing malware for bitcoin mining.
  Like money, there are riches to be had when you "own"/control such an abundance (especially when unsecured) of clock cycles. For my analogy attempt (alas not involving cars), would it not be like letting your money sit out in public? Only difference being that not everybody necessarily values their clock cycles (and control and security thereof).
3. Re:For BOINC! by Anonymous Coward · 2016-11-28 00:36 · Score: 0
  
  They sure are going to love those 200 BogoMIPS nodes
Smack my ass and call me Sally by Anonymous Coward · 2016-11-27 11:20 · Score: 0

Well, rustle my jimmies with hot grits -- imagine a beowolf cluster of these bots!
Thankfully I only use APPS and am protected with a HOSTS file, so I have nothing to worry about.
1. Re: Smack my ass and call me Sally by Anonymous Coward · 2016-11-27 11:48 · Score: 0
  
  Hosts file!?!? Well I'll be dipped in shit and rolled in breadcrumbs. That'll fix everything from dead kittens to a rainy day. apk said so.
I hope these rental services are honeypots by presidenteloco · 2016-11-27 11:23 · Score: 1

Throw a few of the would-be DDOSers in jail for a couple of years for the first offence. And ban them from the interwebs for 5 years after that on probation. You can be a sociopath but it will cost you. Might deter a few.

--

Where are we going and why are we in a handbasket?
1. Re: I hope these rental services are honeypots by Anonymous Coward · 2016-11-27 11:39 · Score: 0
  
  The Internet isn't that important. This is equivalent to jaywalking in seriousness.
2. Re: I hope these rental services are honeypots by Anonymous Coward · 2016-11-27 13:17 · Score: 0
  
  It's already illegal and people have been jailed for it. All that did was put it in the spotlight.
Re: Klingons vs. Niggers by Anonymous Coward · 2016-11-27 11:50 · Score: 0

Truer words have never been spoken
I wonder what the access level would be? by RhettLivingston · 2016-11-27 12:19 · Score: 1

Could you rent the net and sneak in code to wipe the machines?
1. Re:I wonder what the access level would be? by campuscodi · 2016-11-28 01:23 · Score: 1
  
  You obviously can only launch attacks. Don't think they'd give you access to bot updates.
How is this different.. by no1nose · 2016-11-27 12:38 · Score: 1

...than the fuel-celled car Toyota is releasing soon?
Math is hard. by kuzb · 2016-11-27 13:09 · Score: 1

If it's between $3000 and $4000 for 2 weeks for 50,000 bots that means it's between $24,000 and $32,000 for all of them not $20,000 and $30,000. How do you guys fail at math that basic.

--
BeauHD. Worst editor since kdawson.
1. Re:Math is hard. by wbr1 · 2016-11-27 13:43 · Score: 1
  
  Bulk discount maybe???
  
  --
  Silence is a state of mime.
Why would the Russians rent out their botnets? by guruevi · 2016-11-27 14:08 · Score: 1

So a state-level actor rents out a botnet commercially? <Watches as cognitive dissonance explodes heads>

--
Custom electronics and digital signage for your business: www.evcircuits.com
1. Re:Why would the Russians rent out their botnets? by Anonymous Coward · 2016-11-27 19:06 · Score: 0
  
  I don't think you know what cognitive dissonance is.
2. Re:Why would the Russians rent out their botnets? by porksauce · 2016-11-28 06:30 · Score: 1
  
  It's an interesting subject. If the botnet was created by some government actors, it would make sense to privatize it but still keep the keys so that you could: a) disavow if the operators are discovered, b) know who else is using it and for what, c) seize it if needed in an emergency. If it was created by private actors, a government would want to find them and get that kind of access to it, but certainly not destroy it or interfere with its operation.
Klingons vs. Kazon by Anonymous Coward · 2016-11-27 14:09 · Score: 0

No it's stupid. Voyager already covered this subject. The black gangbanger aliens with wild afros were called Kazon, and they were former slaves of the Trabe, who were rubber foreheaded white aliens.
TR-069 by Anonymous Coward · 2016-11-27 14:44 · Score: 0

I've been getting port scans for TR-069 in the past 4 days, in addition to the usual telnet and ssh. People are definitely on the move and also this suggests that there are new exploits in the wild
Re: jaywalking by presidenteloco · 2016-11-27 16:31 · Score: 1

Yes. Exactly equivalent, if everytime you jaywalked, traffic ground to a halt and a million people couldn't get to where they were going for half a day.

--

Where are we going and why are we in a handbasket?
Re: jaywalking by Anonymous Coward · 2016-11-27 17:42 · Score: 0

Yes, those million people will be lost without their porn and Facebook games.
Enough with the Bot Nets. by Neuronwelder · 2016-11-28 04:35 · Score: 1

My only hope is that someone will make an analogue "watchdog" disconnection device to the Web when the computer is idle for a period of time. This won't solve the problem but it will cut drastically the amount of units at their disposal.