Ready to Start Your Career?

How Not Knowing the Mirai Botnet Makes You a Rookie

Aman2406 's profile image

By: Aman2406

November 9, 2017

Internet of things is currently one of the best technologies available to mankind. It is really helpful in reshaping the world and its future. Many Tech-giants are even moving into this field, whereas many start-ups are growing up making IoT their agenda. Everyone is thinking about making the world better and making people’s lives easier than now. Given all the control of the gadgets in their hand, just a smartphone connecting them to all the appliances through the internet.

But is anyone giving any thought to security? Security was, is and always will be the most crucial aspect for everyone, whether it’s an individual or a multi-million dollar corporation. Whenever we talk about security, we always think about hackers and their successful attempt to prove that “This is Un-Hackable” is just a myth. These hackers are using, many tools and techniques which compromise security, like Botnets. Botnets were created decades ago, hackers are using them to compromise people’s computer security over the net and using them as a pawn for a centralized workstation. Apart from that, these hackers use the computing power of these systems on target with a DDOS attack (Distributed Denial-of-Service), flooding their system with so many anonymous requests to take them down.

IOT is making our lives better and easier (or more dependent), but it has also made the "problem of security" worse than it was before. In order for small start-ups to compete with big giants, they offer their product cheaply without thinking about security. Thanks to these cheap devices like IP cameras, digital video cameras, and other devices which lack security and can easily be hacked and can be used for a large-scale botnet attack to target a big site one at a time.

On September 22nd, a botnet named Mirai made its presence with a dramatic flair. It was used by the hacker to flood a server of an extrusive corresponding website using millions of zombie IOT devices. The website was a personal blog of famous investigative journalist Brian Krebs, who gradually discovered the Israeli DDoS-for-hire service called the vDos. This could be a planned attack, as per the statistics the processing used to implement that the attack was around 620 Gigabytes that can be counted around more than 40 thousand devices at the same time.

On October 21st, there was another attack using the Mirai botnet on the DYN Incorporation. DYN is a big firm, offering its services by providing products related to internet management performance, to monitor, control and optimize online infrastructure. DYN is also a big giant for Domain Registration Services and email products, making the corporation that provides the backbone to the US Internet network. On that day, DYN faced the first attack around 7 am ET, which almost took 2 hours to get resolved. But that was accompanied by two more attacks, one before noon and another one after 4 pm ET. DYN reported that the attack was carried out by tens of millions of IP addresses disrupting its directory services that made it difficult for the users not only to the DYN own website but to its client's website too like Twitter, Amazon, GitHub, Netflix, Runescape, Spotify and much more. After the day passed, DYN broadcasted about the attack that it has been very sophisticated and a complex attack, and it’s still going on.

In November, somewhere around 3rd, there was another attack conducted using the dreadful botnet, but this time was targeted to bring a whole nation down. Liberia was the victim nation, in which only 6% of the population used the internet services using the satellite connection until they were provided with an ACE fiber cable along the West African coast, which provides a capacity of 5.1 Terabyte of data and it is well distributed across the coast to serve. On that day, the Mirai bot targeted a mobile telecommunication provider, which was declared by the sources that the attack went by 50 GBPS. After that incident, many people are still figuring it out, why a small nation like Liberia was attacked and what could be the reason for it?

On November 16th, Almost like 900 Thousand devices of the renowned ISP Deutsche Telecom were known offline when their system was infected by the dreadful worm Mirai. The earlier versions of Mirai botnet just used to scan for devices for default credentials, but this time after the source code was released on the web around in September. The mastermind behind this attack added a new weapon to its arsenal, an exploit code for a security flaw discovered recently on devices made by Speed port and Zyxel. This new feature makes a change in the configuration of the infected router that it disables the function in which the routers allow the ISP to make changes to the router like upgrading the software disabling the clean-up and restoration efforts. According to the report by BadCyber.com, the ones who first wrote the article about the vulnerability that the worm executes a couple of commands which makes the device secure till there is a reboot. After that, it closes the port 7547 and kills all the Telnet services that make it difficult for the ISP to make any up gradation remotely. 

In September, after the attack on the KrebsonSecurity website. The individual who was behind all this fuss, the mastermind behind the Mirai Botnet Attack chain made an online appearance on a forum website named hacker forum, where he distributed the source code for the other hacker for free. And somewhere this year in July, the KrebsonSecurity investigator traced out the individual named Daniel Kaye, a U.K citizen likely the one who was clumsily wielding the powerful cyber weapon Mirai Botnet. In February 2017, authorities in U.K arrested the man and presented him to the court on the charges of big scale attack on German MNC putting 90 thousand devices offline. But after his arrest was conducted, another hacker named “Bestbuy” came in public and took responsibility for the outrage he has done and apologized for the inconvenience he has caused. But it was later presented to the German court that Daniel Kaye was the one who developed the weapon and tested it many times, which comprised of many failed attempts and big attempts like on U.K, Germany, and Liberia. He also confessed that he did that for the money in order to settle with his fiancé after their marriage to have a simple and good life.

After all this research, and going through many articles, I came across several questions and even some of them also occurred to me; why did they target Liberia, a small nation? How can we stop these attacks in the future or can we live in peace? As per my research, I came up with a theory to the effect of, Liberia attacks that it was just a testing procedure to test the wrath of the cyber weapon as it was later called as Mirai Botnet 14 when the attack was going live. Whereas this cyber weapon has proved to be unstoppable, due to the source code going open, we can aspect more deadly attack from the re-engineered version of this worm in the future. The attack was successful because of the low-cost devices with no security and peoples lack of knowledge in order to keep them and their devices secure are coming in handy for the bad guys. Whereas we can’t expect from the officials for any kind of help, as it was out when the shadow brokers hacked into NSA and publicly showcased their tools that even the officials don’t want us to be secured. They are less involved in securing all the vulnerabilities, but instead more active in eavesdropping on us by keeping the vulnerabilities active. I came to a conclusion that, these scenarios just give us a reminder that even after so much security, surveillance, resources and precautionary measures, the world wide web is still fragile, and that there are people out there around the globe who still hold the power to disrupt it.

References:

https://www.schneier.com/essays/archives/2017/03/botnets_of_things.html

https://krebsonsecurity.com/2016/11/new-mirai-worm-knocks-900k-germans-offline/

https://badcyber.com/new-mirai-attack-vector-bot-exploits-a-recently-discovered-router-vulnerability/

https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

https://krebsonsecurity.com/2017/07/suspended-sentence-for-mirai-botmaster-daniel-kaye/

https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/

https://en.wikipedia.org/wiki/Mirai_(malware)

https://krebsonsecurity.com/2016/11/did-the-mirai-botnet-really-take-liberia-offline/

https://krebsonsecurity.com/tag/mirai-botnet/
Schedule Demo