SAN FRANCISCO – Consumers around the world could see their home Internet speeds slow in the coming weeks due to a recent release of software that allows hackers to use Internet-connected devices to attack websites.
The source code for Mirai, a tool that creates what are known as botnets, has been released on the so-called dark web, sites that require specific software or authorization to access and that operate as a sort of online underground for hackers. The release was announced Friday on Hackforums, a hacker discussion board. Two security experts contact by USA TODAY looked at the source code and confirmed it was this botnet tool.
Mirai is an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch distributed denial of service, or DDoS attacks. The software spreads via the Internet, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.
Once a device is hijacked, so much of its bandwidth goes towards doing the botnet's work that it can run slowly or suffer intermittent failures, and it's very difficult for the consumer to know the cause.
The code is “a gift to cyber criminals,” said Thomas Pore, director of IT and services for
Mirai was used to knock computer security writer Brian Krebs offline on September 13.
Expect more and more such attacks in the future, says Roland Dobbins, a DDoS expert with Arbor Networks. “We’re seeing more attackers becoming aware that embedded devices are an easy way to launch these attacks,” he said.
DDos attacks from the Internet of Things
DDos attacks have existed since at least 1999. They involve using a network of computers to bombard a website with millions of messages, so many that the system cannot cope and shuts down.
At one point Krebs' site Krebsonsecurity.com was receiving 665 Gigabits of traffic per second, one of the largest such attacks recorded, he wrote on his blog. It's something like streaming 65 3-D movies per second, and the torrent of data was so large it made it impossible to access the site.
Krebs believes the attack was in retaliation for his recent articles on two recently-arrested attackers.