WHY THIS MATTERS IN BRIEF
- As more “smart” things are connected to the internet, every one of them becomes a target that can be conscripted into huge DDoS attacks, and without global, or even regional, security standards for IoT devices it is likely that these attacks will become more frequent and potentially far more damaging
After Mirai-powered botnets inflicted heavy damage on KrebsOnSecurity and other web servers in what were, at the time, the largest DDoS attacks on record, and disrupted internet services across parts of the eastern United States and Europe, the creator of the Mirai botnet, a program designed to harness insecure IoT devices for massive DDoS attacks, has apparently released the source code. It was posted on Hackforums and has since been mirrored on GitHub.
The compact C code is written to run on IP cameras and other Internet of Things (IoT) devices. Its scanner probes the internet for devices with telnet exposed, tries a built-in list of factory-default username and password pairs, reports successful logins so the device can be infected, and the infected device then floods whatever target the botnet’s command-and-control server specifies. You can see the list of hardcoded credentials in the file scanner.c; the strings are stored XOR-obfuscated rather than in plain text.
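The credential list is the most directly useful thing in the release for defenders, because any device still accepting one of those username/password pairs over telnet is a Mirai candidate. The script below is an added example, not code from the Mirai repository or from this article. It assumes two things a reader should verify against the actual scanner.c: that entries have the form `add_auth_entry("\x50\x4D\x4D\x56", "\x5A\x41...", 10);` and that both strings are obfuscated with the key 0xDEADBEEF applied byte by byte the way Mirai’s `deobf()` does (XOR with each of the four key bytes in turn, which collapses to a single XOR with 0xDE ^ 0xAD ^ 0xBE ^ 0xEF = 0x22). The `SAMPLE_SCANNER_LINES` and the device inventory are constructed for the demo; the function names are this example’s own.

```python
"""Decode Mirai's obfuscated default-credential table and check a device
inventory against it.  Added example; not Mirai code and not the article's.

Assumptions (verify against the released scanner.c / table.c):
  * entries look like  add_auth_entry("\x50\x4D\x4D\x56", "...", 10);
  * strings are XORed with 0xDEADBEEF as in Mirai's deobf(): each byte is
    XORed with k1, k2, k3, k4 in turn, i.e. one XOR with 0xDE^0xAD^0xBE^0xEF.
"""
import re
from typing import List, Tuple

XOR_KEY = 0xDEADBEEF

# Constructed sample in scanner.c's format (comments give the decoded values).
SAMPLE_SCANNER_LINES = r'''
    add_auth_entry("\x50\x4D\x4D\x56", "\x5A\x41\x11\x17\x13\x13", 10);  // root xc3511
    add_auth_entry("\x50\x4D\x4D\x56", "\x54\x4B\x58\x5A\x54", 9);       // root vizxv
    add_auth_entry("\x43\x46\x4F\x4B\x4C", "\x43\x46\x4F\x4B\x4C", 9);   // admin admin
    add_auth_entry("\x50\x4D\x4D\x56", "", 4);                           // root (none)
'''

# Matches the user string, password string and weight of one add_auth_entry().
_ENTRY = re.compile(
    r'add_auth_entry\('
    r'"((?:\\x[0-9A-Fa-f]{2})*)",\s*'
    r'"((?:\\x[0-9A-Fa-f]{2})*)",\s*'
    r'(\d+)\)'
)


def key_byte(key: int = XOR_KEY) -> int:
    """XORing by k1, then k2, k3, k4 is the same as one XOR by k1^k2^k3^k4."""
    b = key.to_bytes(4, "big")
    return b[0] ^ b[1] ^ b[2] ^ b[3]


def c_literal_to_bytes(literal: str) -> bytes:
    """Turn the body of a C string made only of \\xNN escapes into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r'\\x([0-9A-Fa-f]{2})', literal))


def deobf(obfuscated: bytes) -> str:
    """Reverse the bot's string obfuscation (assumed key; see module docstring)."""
    k = key_byte()
    return bytes(c ^ k for c in obfuscated).decode("latin-1")


def parse_auth_table(source: str) -> List[Tuple[str, str, int]]:
    """Return (username, password, weight) for every add_auth_entry() in source.

    The weight is how often the scanner picks that pair relative to the others.
    """
    table = []
    for m in _ENTRY.finditer(source):
        user = deobf(c_literal_to_bytes(m.group(1)))
        password = deobf(c_literal_to_bytes(m.group(2)))
        table.append((user, password, int(m.group(3))))
    return table


def uses_default_credential(user: str, password: str,
                            table: List[Tuple[str, str, int]]) -> bool:
    """True if this exact user/password pair is in the scanner's list."""
    return any(u == user and p == password for u, p, _ in table)


def audit_inventory(inventory: List[Tuple[str, str, str]],
                    table: List[Tuple[str, str, int]]) -> List[str]:
    """Return the hostnames whose telnet credentials appear in Mirai's list."""
    return [host for host, u, p in inventory if uses_default_credential(u, p, table)]


if __name__ == "__main__":
    table = parse_auth_table(SAMPLE_SCANNER_LINES)
    for user, password, weight in table:
        print(f"{user!r:10} {password!r:12} weight={weight}")
    # Constructed inventory: hostname, telnet user, telnet password.
    inventory = [
        ("cam-lobby-01", "root", "xc3511"),
        ("dvr-rack-02", "admin", "Tr0ub4dor&3"),
        ("cam-loading-03", "root", ""),
    ]
    print("exposed:", audit_inventory(inventory, table))
```

Point the parser at the real scanner.c rather than the embedded sample and the same `audit_inventory()` call gives you the devices that need their credentials changed and telnet closed off before anything else on the network.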
Hackers first used the botnet to send a 620 Gbps DDoS at KrebsOnSecurity in September, and while the system is powerful, an individual infection is fragile: Mirai runs only in memory, so rebooting the offending IoT device clears it. The catch is that an unchanged device is typically reinfected within minutes, so the real fix is changing the default credentials, closing off telnet and updating the firmware – which is much harder than it sounds at internet scale, particularly given the lack of IoT security standards and the lack of coordination between providers.
“With Mirai, I usually pull max 380k bots from telnet alone,” writes Anna-senpai, the hacker who released the code on Hackforums, “however, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
Krebs doesn’t believe the release is altruistic, particularly given his own track record of helping to get hackers identified and arrested.
“It’s an open question why anna-senpai released the source code for Mirai, but it’s unlikely to have been an altruistic gesture – miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home,” he said. “Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants.”
The code is on GitHub now and appears to be legitimate. We haven’t compiled it, but there is enough interesting information in the files themselves that it could make an educational project for researchers and, sadly, a compact tool for more nefarious uses.