IoT Botnet ‘Mirai’ source code made available online


Anna Senpai. This is the online handle of the creator of the Trojan botnet whose source code has been published online. The Trojan, named Mirai by its creator, has been used to launch attacks on over 380,000 Internet of Things (IoT) devices every day. Apart from this Trojan, LizardStresser (another bot) had its source code published online in 2015, which has led to the creation of another 100 bots, according to research.

However, the creator of the Mirai Trojan has decided to quit the business due to the increased interest in Internet of Things device attacks and has published the source code online as a final move. The source code was published after an attack directed at on an online forum.

Attacks on IoT devices are carried out to enslave the devices and use them to launch distributed denial-of-service (DDoS) attacks. These attacks take place every day because the devices have volatile storage, which means that they are “cleansed” after each reboot and have to be compromised again. Due to the increase in attacks on IoT devices, ISPs have taken an interest in the attacks and have been cutting connections with the affected devices. As a result, the number of attacked devices has fallen from the previously stated 380,000 to 300,000.

A couple of security firms protect their customers against such attacks. However, only a few will mitigate against 1Gbps attacks. The bots have increased their capabilities over time with experiencing a 620Gbps attack. As a result, Krebs’ security firm disassociated itself from Krebs after the attack, since the attack was a bit too expensive for them to mitigate. These attacks on devices are, however, expected to only get worse.

This is because of the growing market for Internet of Things devices, which are prone to attacks due to huge security flaws or gaps. As reported in certain blogs, IoT devices face challenges such as increased security risks, unexpected uses of user data, and ubiquitous data collection, among others. As a result, a huge opening has been created for anyone willing to launch attacks.

The availability of online source code for the botnets will only contribute to a rapid growth in these attacks.

Attacks on devices such as routers, modems, video recorders, and network attached storage systems have been around for a while. For instance, Imperva, a security firm, previously detected a DDoS attack in the form of an HTTP flood used to overload a resource on a cloud service. The malicious requests, however, came from surveillance cameras. After that attack was mitigated, yet another DDoS attack was launched. It was found to have come from a botnet of network attached storage devices.