Slashdot Mirror


You Can Now Rent A Mirai Botnet Of 400,000 Bots (bleepingcomputer.com)

An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet, which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-$30,000.

After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices...that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total.

Interestingly, the article claims the botnet's creators had access to the Mirai source code "long before it went public."


  1. Or you can get a botnet for free... by Anonymous Coward · · Score: 5, Funny

    By getting an article posted on slashdot and having the site you want DDoS'd linked in the summary :)

    1. Re: Or you can get a botnet for free... by Anonymous Coward · · Score: 1

      5 visitors from Slashdot isn't going to ddos anyone.

    2. Re:Or you can get a botnet for free... by Anonymous Coward · · Score: 1

      Maybe 10 years ago...

  2. 15k a week? by rsilvergun · · Score: 1

    Jesus, I'm in the wrong line of work.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:15k a week? by turbidostato · · Score: 1

      Isn't capitalism a wonderful thing?

    2. Re:15k a week? by _Sharp'r_ · · Score: 1

      So for $30K, you can patch 400K bot systems to never participate in another botnet? That's less than some companies pay in DDOS protection every month..... just an idea, guys.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    3. Re:15k a week? by Dutch+Gun · · Score: 1

      I'm pretty sure they don't give you direct control over the botnet. I'd suspect you can only direct who to attack, attack timing/duration, and how many bots.

      Maybe there's something you could do once you know all the IPs (for instance, you could direct them at a honeypot target), but a lot of malware closes the door behind itself once a device is compromised. I'm not sure how Mirai works, but I wouldn't be surprised if it behaved in a similar fashion.

      --
      Irony: Agile development has too much inertia to be abandoned now.
  3. Tomorrow will be interesting... by aaarrrgggh · · Score: 2

    Cyber Monday could be interesting.

    But seriously... other than causing chaos, does anything get accomplished with a DDoS that it provides some kind of value? I get the idea of a multi-pronged attack, but is there that much to gain?

    1. Re:Tomorrow will be interesting... by CaptainDork · · Score: 2

      This.

      DDoS is vandalism.

      It pisses someone off; costs them; and the little botnet kiddies giggle.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:Tomorrow will be interesting... by cdsparrow · · Score: 1

      Potentially, if you had a wide enough reach and enough bots, you could take over a specific router somewhere and ddos lots of other points funneling traffic through your compromised pipe. On small scale this could be used to steal data, mitm attack, etc. The internet is fairly predictable at small scale where it will route packets around a road block you create.

    3. Re:Tomorrow will be interesting... by CODiNE · · Score: 2

      It's good for masking actual intrusions. Distracting the IT guys from the data exhilaration going on.

      It's also useful for stopping up bank transactions long enough for the undo window to expire on fraudulent transfers. Say you do some real estate fraud and trick someone into wiring $200k to the wrong account. Doesn't do you any good if they catch it and roll it back in a day. Do the transfer, DDoS the heck out of the bank... that's well worth $15k a week.

      Script kiddies don't pay that kind of money to laugh about taking Walmart down for a few days. There's real money behind this stuff.

      --
      Cwm, fjord-bank glyphs vext quiz
    4. Re:Tomorrow will be interesting... by magarity · · Score: 1

      does anything get accomplished with a DDoS that it provides some kind of value?

      Rent the botnet and instruct all the clients to download and install all their missing OS patches, install some AV software, and finally to uninstall the botnet client.

    5. Re:Tomorrow will be interesting... by BlueStrat · · Score: 2

      This.

      DDoS is vandalism.

      It pisses someone off; costs them; and the little botnet kiddies giggle.

      It's also an asymmetric-warfare weapon of domestic and foreign dissidents against oppressive, authoritarian governments, which is the real, actual concern of those governments. This is particularly true in the US, as the government continues to become ever more authoritarian, corrupt, deceitful, and controlling, both domestically and in foreign affairs.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    6. Re:Tomorrow will be interesting... by CaptainDork · · Score: 1

      DDoS is an inconvenience.

      It is not a problem.

      The attack on Dyn was mitigated in a few hours and we move on.

      Dyn should have been hardened to begin with.

      You and I can bring down a single web page by ourselves but we don't.

      --
      It little behooves the best of us to comment on the rest of us.
    7. Re:Tomorrow will be interesting... by CODiNE · · Score: 1

      D'oh! Serves me right trying to use big words.

      --
      Cwm, fjord-bank glyphs vext quiz
    8. Re:Tomorrow will be interesting... by geekmux · · Score: 1

      This.

      DDoS is vandalism.

      It pisses someone off; costs them; and the little botnet kiddies giggle.

      Given the impact of attacking DNS, and the proliferation of State-sponsored hacking groups, I think we can stop with the giggling kiddies references now.

      Not sure when we'll learn with DNS either. The security community has been preaching/bitching about the weaknesses of DNS for too damn long, and little has really been done to truly address the Achilles heel of the internet.

    9. Re:Tomorrow will be interesting... by geekmux · · Score: 3, Insightful

      DDoS is an inconvenience.

      It is not a problem.

      The attack on Dyn was mitigated in a few hours and we move on.

      Dyn should have been hardened to begin with...

      Dyn should have been hardened? No, more like DNS as a whole should have been hardened fucking long ago.

      It's still the Achilles heel of the internet.

    10. Re:Tomorrow will be interesting... by CaptainDork · · Score: 1

      I agree.

      --
      It little behooves the best of us to comment on the rest of us.
    11. Re:Tomorrow will be interesting... by CaptainDork · · Score: 1

      Agree,

      IT, in general, has been bitching to management about best practices.

      Risk/reward analysis, so far, is in favor of sloppy gate-keeping.

      --
      It little behooves the best of us to comment on the rest of us.
    12. Re:Tomorrow will be interesting... by geekmux · · Score: 1

      Agree,

      IT, in general, has been bitching to management about best practices.

      Risk/reward analysis, so far, is in favor of sloppy gate-keeping.

      Agreed. A job mired in Security is often difficult to justify good solutions when armed with FUD as a sales tactic.

      Sad we sometimes have to watch things implode in order for management to understand impact.

      Very sad when the end result of poor security is harm to humans. I am not looking forward to our IoT-enabled autonomous future with the way we perceive InfoSec today.

  4. For BOINC! by product_bucket · · Score: 1

    There must be some low/non CPU intensive BOINC projects out there that could really appreciate this sort of 'net. I suppose it's probably not worth the time to get different router/IoT ASICs to actually run custom applications, compared with just pointing them to an IP for laughs.

    1. Re:For BOINC! by drinkypoo · · Score: 1

      Those systems don't tend to have a lot of RAM either, so they are only capable of performing truly trivial tasks, like spying on you or participating in a DDoS.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. I hope these rental services are honeypots by presidenteloco · · Score: 1

    Throw a few of the would-be DDOSers in jail for a couple of years for the first offence. And ban them from the interwebs for 5 years after that on probation. You can be a sociopath but it will cost you. Might deter a few.

    --

    Where are we going and why are we in a handbasket?
  6. I wonder what the access level would be? by RhettLivingston · · Score: 1

    Could you rent the net and sneak in code to wipe the machines?

    1. Re:I wonder what the access level would be? by campuscodi · · Score: 1

      You obviously can only launch attacks. Don't think they'd give you access to bot updates.

  7. How is this different.. by no1nose · · Score: 1

    ...than the fuel-celled car Toyota is releasing soon?

  8. Math is hard. by kuzb · · Score: 1

    If it's between $3000 and $4000 for 2 weeks for 50,000 bots that means it's between $24,000 and $32,000 for all of them, not $20,000 and $30,000. How do you guys fail at math that basic?

    --
    BeauHD. Worst editor since kdawson.
    1. Re:Math is hard. by wbr1 · · Score: 1

      Bulk discount maybe???

      --
      Silence is a state of mime.
  9. Why would the Russians rent out their botnets? by guruevi · · Score: 1

    So a state-level actor rents out a botnet commercially? <Watches as cognitive dissonance explodes heads>

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:Why would the Russians rent out their botnets? by porksauce · · Score: 1

      It's an interesting subject. If the botnet was created by some government actors, it would make sense to privatize it but still keep the keys so that you could: a) disavow if the operators are discovered, b) know who else is using it and for what, c) seize it if needed in an emergency. If it was created by private actors, a government would want to find them and get that kind of access to it, but certainly not destroy it or interfere with its operation.

  10. Re: jaywalking by presidenteloco · · Score: 1

    Yes. Exactly equivalent, if every time you jaywalked, traffic ground to a halt and a million people couldn't get to where they were going for half a day.

    --

    Where are we going and why are we in a handbasket?
  11. Re:Hunter Killer Teams by gtall · · Score: 1

    I know it is difficult to believe but not every problem can be solved by killing someone.

  12. Re:Hunter Killer Teams by JustAnotherOldGuy · · Score: 1

    I know it is difficult to believe but not every problem can be solved by killing someone.

    That is difficult to believe.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  13. Enough with the Bot Nets. by Neuronwelder · · Score: 1

    My only hope is that someone will make an analogue "watchdog" disconnection device to the Web when the computer is idle for a period of time. This won't solve the problem but it will cut drastically the amount of units at their disposal.