Mirai shocked the internet-and its own creators, according to the FBI-with its power as it grew. It didn’t take long for the incident to go from vague rumblings to global red alert. They crossed the artificial threshold of 100,000 bots that others had really struggled with.” “It’s really powerful-they figured out how to stitch together multiple exploits with multiple processors. Everyone was playing catch-up,” Peterson says. “The security industry was really not aware of this threat until about mid-September. Since most users rarely change default usernames or passwords, it quickly grew into a powerful assembly of weaponized electronics, almost all of which had been hijacked without their owners’ knowledge. The new malware scanned the internet for dozens of different IoT devices that still used the manufacturers’ default security setting. “From the initial attacks, we realized this was something very different from your normal DDoS,” says Doug Klein, Peterson's partner on the case. Whereas the vDOS botnet they’d been chasing was a variant of an older IoT zombie army-a 2014 botnet known as Qbot-this new botnet appeared to have been written from the ground up. Yet as that case proceeded, the investigators and the small community of security engineers who protect against denial-of-service attacks began to hear rumblings about a new botnet, one that eventually made vDOS seem small.Īs Peterson and industry colleagues at companies like Cloudflare, Akamai, Flashpoint, Google, and Palo Alto Networks began to study the new malware, they realized they were looking at something entirely different from what they'd battled in the past. All three-Paras Jha, Josiah White, and Dalton Norman, respectively-admitted their role in creating and launching Mirai into the world. The truth, as made clear in that Alaskan courtroom Friday-and unsealed by the Justice Department on Wednesday-was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. Then, on a Friday afternoon in October 2016, the internet slowed or stopped for nearly the entire eastern United States, as the tech company Dyn, a key part of the internet’s backbone, came under a crippling assault.Īs the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. It was a hard story to miss last year: In France last September, the telecom provider OVH was hit by a distributed denial-of-service ( DDoS) attack a hundred times larger than most of its kind. What drove them wasn’t anarchist politics or shadowy ties to a nation-state. The most dramatic cybersecurity story of 2016 came to a quiet conclusion Friday in an Anchorage courtroom, as three young American computer savants pleaded guilty to masterminding an unprecedented botnet-powered by unsecured internet-of-things devices like security cameras and wireless routers-that unleashed sweeping attacks on key internet services around the globe last fall.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |