The Mirai Botnet That Took Out Dyn Is Now Available for Rent

As most of us know, one of the largest DDoS attacks took place on October 21st of this year and took out some of the most popular sites on the Internet. Whoever is behind the Mirai botnet is responsible.

Dyn was not the only target of this massive network. Mirai also took out the French ISP called OVH, as well as Brian Krebs's highly followed security blog. After the success of these attacks, the Mirai creators open-sourced their code so other attackers could leverage their platform and launch their own botnet attacks.

So now what?

Apparently the Mirai botnet consists of over 400,000 infected devices scattered around the globe, and the network can now be rented by anyone who wants to launch an attack of their own. The Mirai botnet specifically targets IoT devices, which are essentially any device you can fathom that connects to the Internet. Think of your car stereo, advanced in-home devices like alarm systems, or even a drone. Everything connects to the Internet these days and is therefore susceptible to malware.

Many Mirai botnets have since shown up all over the globe. Two fairly anonymous security researchers have provided some more in-depth information on Mirai. They go only by their nicknames and can be found on Twitter with the handles @2sec4u and @malwaretech.

They say that most of the attacks they track are pretty small, but there is one that is the daddy Mirai. This network is larger than the rest put together.

There are 2 reputable sources in charge

There are two hackers out there who go by the names BestBuy and Popopret. They are responsible for a spam attack carried out via XMPP/Jabber, and are also announcing a DDoS-for-hire service built off of Mirai. They claim to be controlling 400k devices, but there isn’t 100% confirmation of this yet. I am sure we will hear more as the days go on.

These two hackers, however, have a serious track record and aren’t messing around. They are the same ones responsible for the GovRat attack that was used to compromise the data of many US companies. They were also very active on the notorious Hell hacking forum, which was considered an elite hackers' club.

What do these hackers have to say?

Not much. Sources have tried to communicate with them, but haven’t been able to obtain much helpful information. Here is what they have said…

Customers of their service can rent as many infected devices as they want for a period of 2 weeks. Prices depend on the number of bots, the duration of the attack, and the cool down period. Discounts are only given for using longer cool down periods. The cool down period is essentially the time between attacks. For the most part, it helps to avoid connection issues and wasted bandwidth.

To put this into numbers, Popopret said that for 50k bots, a 1-hour attack duration, and a 10-minute cool down, you’re looking at $3-$4k for the 2 weeks.

That’s about all the information they were willing to share.

 

 
