Did the Mirai botnet knock Liberia offline? Not so much

Despite the many media headlines, this attack was over-hyped.

On Thursday last week, while I was giving a talk at the Edinburgh International Conference Centre about cybercrime, a story spread like wildfire across the world’s media claiming that the small West African country of Liberia had been blasted off the internet by a massive DDoS attack:

Of course, if the Mirai botnet - or a botnet based upon Mirai - had succeeded in taking an entire country offline then that would indeed be something to get pretty worked up about. It’s easy to imagine how such a capability could be abused by online criminals or rogue nations in the future.

It appears the story came about after British security researcher Kevin Beaumont, who has been keeping a close eye on Mirai’s IoT-driven attacks, blogged about intermittent DDoS attacks against Liberia telecom providers.

Unfortunately, the media somehow managed to sprinkle some hyperbole into the mix, conflating the story into being that all of Liberia had been taken offline.

That, however, was simply not true - as security blogger Brian Krebs confirms:

Daniel Brewer, general manager for the Cable Consortium of Liberia, confirmed that his organization has fielded inquiries from news outlets and other interest groups following multiple media reports of a nationwide outage. But he could not point to the reason.

“Both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks,” Brewer said. “While it is likely that a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to [substantiate] that.”

Of course, the story is out there now that Liberia’s internet was brought to its knees by the Mirai botnet. My guess is that we will continue to hear the story presented as fact for years to come in breathless presentations by over-excitable security companies.

None of this is to say that Mirai is not a serious threat, of course, or that new botnets based upon its leaked code don’t pose a significant threat to internet infrastructure as they exploit poorly-protected IoT devices.
