A Play-by-Play Look at the Mirai Botnet's Internet Takedown

Oct. 26, 2016
Last Friday, scores of Internet of Things devices played a role in shutting down much of the Internet. Here's a look at the events leading up to that massive attack.

Until last Friday’s attack, talking about IoT security threats seemed like yelling: "The sky is falling!" Now, many people are wondering how hackers could have shut down a significant chunk of the Internet in one fell swoop. Here’s a chronological summary of events leading up to the historic botnet attack.

September 8: Krebs Dishes Dirt on DDoS
Security guru Brian Krebs posted an article about a DDoS attack-for-service site known as vDOS. He claimed that the site earned $600,000 in two years. Hours after the article was posted, authorities in Israel arrested two of the alleged operators of the site.

In one of his posts, Krebs wrote: “To say that vDOS has been responsible for the vast majority of DDoS attacks in recent years. From April to July 2016, the service launched roughly 8.81 years’ worth of attack traffic.” The service offered “IP stresser” services for as little as $29.99 monthly.

September 20: Krebs and Dyn Write about BackConnect, the Security Firm That Hacks Hackers
Krebs wrote about how a DDoS mitigation firm known as BackConnect admitted to hacking hundreds of Internet addresses in Europe to learn more about hackers targeting the company. In an email to Krebs, Bryant Townsend, CEO of the business, confirmed the company had launched a Border Gateway Protocol (BGP) hijack on the hack-for-hire company vDOS but stated it was a “defensive” maneuver.

Dyn also wrote a blog post on the subject, titled BackConnect’s Suspicious BGP Hijacks, which claims that BackConnect had often spoofed Internet addresses using the BGP hijack technique.

That same day, Krebs saw his web server attacked in what was one of the biggest DDoS attacks to date. Hackers would hit Dyn later.

BackConnect would later state that it had nothing to do with the attack.

September 23: Akamai Drops Support for Krebs
The content delivery network Akamai announced that it would stop providing free DDoS protection services to Brian Krebs. The company had protected Krebs from 250 DDoS attacks over the course of four years but stated that it would be too expensive to fend off future attacks of the same magnitude as the assault against Krebs. Google would step in two days later to protect his website as part of its Project Shield.

October 1: Source Code for Mirai Goes Open Source
The source code for the “Mirai” botnet that attacked the web server of Brian Krebs was released on a hackers’ forum.

“The author probably felt threatened. … either by someone close to them or law enforcement was closing in on them,” says Thomas Pore, director of IT and services of Plixer. “Should someone grab their laptop, you don’t want to be the only person holding that source code. So when you flood that out to GitHub, many security researchers as well as malicious actors are going to pull that code.”

“You don’t typically see someone who has something possibly as powerful as this is release the source code unless they are really freaked out about getting in trouble for it. It is a way to cover your tracks. You don’t usually see that,” agrees Chase Cunningham, Ph.D., A10 Networks’ director of cyber operations.

October 19: Dyn Speaks on BackConnect's Use of BGP Hijacks
Doug Madory, the director of internet analysis at the DNS company Dyn, gives a talk on DDoS at NANOG, the North American Network Operators Group. In his talk, Madory shares his perspective on BackConnect’s attacks against vDOS. He states that BackConnect is likely the first security company to confirm its use of a BGP hijack to intercept traffic.

IOT Institute is, like IndustryWeek, powered by Penton, an information services company.
