The Mirai Botnet

A DDoS[1] attack on US internet service provider Dyn took place on the 21st of October, 2016. The attack took the form of a botnet of internet connected devices (primarily Digital Video Recorders and Webcams) simultaneously accessing Dyn’s internet facing servers. The botnet was instructed to attempt access of the servers indefinitely. The attack was successful and millions of US internet users we affected by Dyn’s service outage in addition to service disruptions to popular internet sites, including Airbnb, GitHub, Reddit, Spotify and Twitter[2]. An example of weaponizing of IoT, the attack on Dyn was implemented via infection of inadequately-secured IoT devices with the open-source Mirai Botnet software. Mirai infection is achieved via scanning of the internet for IoT devices and attempting access via default usernames and passwords. Webcam and digital video recorder products from Chinese company Hangzhou Xiongmai Technology were used in the assault[3]. Parties answerable for this Mirai-based attack have not been openly identified. Another botnet utilising a newer version of the Mirai malware (Linux.Mirai) was utilised in a wave of attack in Germany, exploiting a weakness found in routers used in that country and crippling internet access for 900 00 home users.[4]

  1. Distributed Denial of Service
  2. Vaughan-Nichols, “How to defend against the internet’s doomsday of DDoS attacks”, p. 1
  3. Gao, “Chinese Firm Says Its Cameras Were Used to Take Down Internet”, p.1
  4. Symantec, “Mirai: New wave of IoT botnet attacks hits Germany”, p. 1