Last week, famed security researcher Brian Krebs was forced to take his website, Krebs on Security, offline after it suffered one of the largest distributed denial-of-service attacks ever recorded. Now, the source code for the botnet used in the assault has been published online.
Krebs on Security was hit with 620 gigabits per second of junk data during the DDoS attack. While this wasn’t enough to bring down the site, Krebs’ hosting provider, Akamai Technologies, was forced to order it off the network. Akamai had been offering Krebs pro bono protection from attacks for years, but the size of this DDoS meant it couldn’t keep doing so without the financial impact affecting other customers.
Krebs on Security reported Saturday that the source code of the malware, known as Mirai, was announced on the hacking community Hackforums. Mirai seeks out vulnerable IoT products by scanning for systems protected by factory default or hard-coded usernames and passwords. The software turns these devices into vast networks of bots that can be used to launch DDoS attacks.
Krebs notes that as the source code is publicly available, it “virtually guarantees” the internet will be “flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.”
My guess is that (if it's not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth.
On the bright side, if that happens it may help to lessen the number of vulnerable systems.
According to Dale Drew, chief security officer at internet firm Level 3 Communications, these types of attacks are on the increase. "There is already a surge in botnet operators attempting to find and exploit IoT devices in order to gain access to uniform and sizable botnet networks," he said in an email to Ars Technica.
An even bigger DDoS attack took place later in the same month that Krebs on Security was targeted. French hosting firm OVH was hit with a record 1.1 terabits per second of traffic.
The Mirai botnet and the one that targeted OVH are believed to control more than 1.2 billion devices, though the DDoS attacks against Krebs and OVH used only a fraction of them.
Krebs on Security was quickly up and running again following the attack, thanks to Alphabet's free Project Shield program.