Industryweek 13559 Security Ddos

Mirai's Role in DDoS Attack Casts Shadow on IoT

Oct. 26, 2016
October 22nd's distributed denial-of-service attack on Dyn servers that brought down popular websites was powered in part by Internet of Things devices infected by Mirai malware.

In Japanese, the name "Mirai" means "the future." It's also the name of a malware that has infected some half-million Internet of Things devices, potentially turning them into a massive botnet. Today, the future smashed into the Internet.

Dave Allen, general counsel at Dyn, a domain name system company, told the New York Times that Mirai played a role in today's distributed denial-of-service attack on Dyn. Traffic coming from tens of millions of IP addresses, including IoT devices such as surveillance cameras and home routers, flooded Dyn servers and brought down popular websites.

Netflix, Twitter, Spotify, Airbnb, Github, among others, suffered outages at various times of the day.

Today's troubles, however, were foreshadowed earlier this month when a hacker published the Mirai source code. Security researches say the malicious code isn't particularly sophisticated but doesn't have to be, given weak default logins and passwords of simple IoT devices. Last week, Level 3, an internet service provider, reported 493,000 devices had been infected with Mirai malware.

"All the code needed was 61 different combinations of username and passwords to create this giant botnet," Chase Cunningham, PhD, a former U.S. Navy chief cryptologic technician who supported U.S. Special Forces and Navy Seals in Iraq, told Internet of Things Institute earlier this month. "It just takes seconds to grab a device and use it for botnet or DDoS."

Cunningham ran a query with some code looking for devices that identify themselves as "IoT." He says he found 3,551 devices just "sitting for somebody waiting to tell them what to do."

Apparently, someone told them what to do today. Speaking on a livestream, Dale Drew, chief security officer at Level 3, says he found evidence that roughly 10 percent of all devices infected by Mirai were being used to attack Dyn's servers.

Read More

IOT Institute is, like IndustryWeek, powered by Penton, an information services company.

Popular Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!