A Play-by-Play Look at the Mirai Botnet's Internet Takedown

Oct. 26, 2016
Last Friday, scores of Internet of Things devices played a role in shutting down much of the Internet. Here's a look at the events leading up to that massive attack.

Until last Friday’s attack, talking about IoT security threats seemed like yelling: "The sky is falling!" Now, many people are wondering how hackers could have shut down a significant chunk of the Internet in one fell swoop. Here’s a chronological summary of events leading up to the historic botnet attack.

September 8: Krebs Dishes Dirt on DDoS
Security guru Brian Krebs posted an article about a DDoS attack-for-service site known as vDOS. He claimed that the site earned $600,000 in two years. Hours after posting, authorities in Israel arrested two of the alleged operators of the site.

In one of his posts, Krebs wrote that: “To say that vDOS has been responsible for the vast majority of DDoS attacks in recent years. From April to July 2016, the service launched roughly 8.81 years worth of attack traffic.” The service offered “IP stresser” services for as little as $29.99 monthly.

September 20: Krebs and Dyn Write about BackConnect, the Security Firm That Hacks Hackers
Krebs wrote how a DDoS mitigation firm known as BackConnect admitted to hacking hundreds of Internet addresses in Europe to learn more about hackers targeting the company. In an email to Krebs, Bryant Townsend, CEO of the business, confirmed the company had launched a border gateway protocol hijack on the hack-for-hire company vDOS but stated it was a “defensive” maneuver.

Dyn also wrote a blog post on the subject, titled BackConnect’s Suspicious BGP Hijacks, which claims that BackConnect had often spoofed Internet addresses using the BGP hijack technique.

That same day, Krebs saw his web server attacked in what was one of the biggest DDoS attacks to date. Hackers would hit Dyn later.

BackConnect would later state that it had nothing to do with the attack.

September 23: Akamai Drops Support for Krebs
The content delivery network Akamai announced that it would stop providing free DDoS protection services to Brian Krebs. The company had protected Krebs from 250 DDoS attacks over the course of four years but stated that it would be too expensive to fend off future attacks of the same magnitude as the assault against Krebs. Google would step in two days later to protect his website as part of its Project Shield.

October 1: Source Code for Mirai Goes Open Source
The source code for the “Mirai” botnet that attacked the web server of Brian Krebs was released on a hackers’ forum.

“The author probably felt threatened. … either by someone close to them or law enforcement was closing in on them,” says Thomas Pore, director of IT and services of Plixer. “Should someone grab their laptop, you don’t want to be the only person holding that source code. So when you flood that out to GitHub, many security researchers as well as malicious actors are going to pull that code.”

“You don’t typically see someone who has something possibly as powerful as this release the source code unless they are really freaked out about getting in trouble for it. It is a way to cover your tracks. You don’t usually see that,” agrees Chase Cunningham, Ph.D., A10 Networks’ director of cyber operations.

October 19: Dyn Speaks on BackConnect's Use of BGP Hijacks
Doug Madory, the director of internet analysis at the DNS company Dyn, gave a talk on DDoS at NANOG, the North American Network Operators Group. In his talk, Madory shared his perspective on BackConnect’s attacks against vDOS. He stated that BackConnect is likely the first security company to confirm its use of a BGP hijack to intercept traffic.

IOT Institute is, like IndustryWeek, powered by Penton, an information services company.
About the Author

Brian Buntz | Content Director, IoT Institute

Brian is a veteran journalist with more than ten years’ experience covering an array of technologies including the Internet of Things, 3-D printing, and cybersecurity. Before coming to Penton, he served as the editor-in-chief of UBM’s Qmed where he overhauled the brand’s news coverage and helped to dramatically grow the site’s traffic volume. He had previously held managing editor roles on the company’s medical device technology publications including European Medical Device Technology (EMDT) and Medical Device & Diagnostics Industry (MD+DI), and had served as editor-in-chief of Medical Product Manufacturing News (MPMN).

At UBM, Brian also worked closely with the company’s events group on speaker selection and direction and played an important role in cementing famed futurist Ray Kurzweil as a keynote speaker at the 2016 Medical Design & Manufacturing West event in Anaheim. An article of his was also prominently featured on kurzweilai.net, a website dedicated to Kurzweil’s ideas.

Multilingual, Brian has an M.A. degree in German from the University of Oklahoma, and he is currently working on mastering French.