Internet-destroying outages were caused by "amateurish" IoT malware

Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders.

The attack follows a disturbing pattern: in late September, internet security journalist Brian Krebs faced one of the worst denial of service attacks in history, apparently launched in retaliation for his coverage of a couple of petty crooks from Israel who ran a DoS-for-hire service. The attack originated from IoT devices that had been infected by the Mirai botnet, whose sourcecode was dumped shortly thereafter, revealing it to be a "clumsy, amateurish" piece of code that only succeeded because IoT devices have security that's so bad that it can only be called negligent.

Within a week of the Mirai sourcecode dump, rival Mirai-based botnets were racing to take over as much of the IoT's millions of embedded systems as they could find, eventually reaching devices in every country in the world with reliable electricity and internet service.

The Krebs attack hit 620 Gbps, the kind of traffic floods normally associated with state actors. They came days after security expert Bruce Schneier revealed that he'd been confidentially apprised of attacks seemingly designed to calibrate a weapon that could shut down the entire internet, presumed to originate in China.

Level 3 CSO Dale Drew says that the attack only used "about 10 percent" of the half-million Mirai nodes available (a number that continues to grow). These devices are not designed to be easily updated in the field, meaning that even if security in future versions of IoT products is improved, the existing dumpster fire of the installed base of Internet of Shit devices will continue to rage, finding and infecting every last Mirai-vulnerable device and recruiting it into a virtually unkillable source of attacks on critical infrastructure.

The Wikileaks Twitter account sent out a message blaming its supporters for the attack, implying that it was in retaliation for the Ecuadoran embassy's shutdown of Julian Assange's internet link, a measure Wikileaks blames on pressure from the US government after the dump of transcripts of Hillary Clinton's speeches to the finance industry, though Ecuador says it took the measure of its own accord.

Hacked Cameras, DVRs Powered Today’s Massive Internet Outage [Brian Krebs/Krebs on Security]

WikiLeaks Supporters Likely Behind Massive Internet DDoS Attacks, Assange Possibly In Danger [Marco Chiappetta/Hot Hardware]

Blame the Internet of Things for Destroying the Internet Today [Lorenzo Franceschi-Bicchierai/Motherboard]

(Image: Level 3)

Loading...