On Thursday last week, while I was giving a talk at the Edinburgh International Conference Centre about cybercrime, a story spread like wildfire across the world’s media claiming that the small West African country of Liberia had been blasted off the internet by a massive DDoS attack.
Of course, if the Mirai botnet – or a botnet based upon Mirai – had succeeded in taking an entire country offline then that would indeed be something to get pretty worked up about. It’s easy to imagine how such a capability could be abused by online criminals or rogue nations in the future.
It appears the story came about after British security researcher Kevin Beaumont, who has been keeping a close eye on Mirai’s IoT-driven attacks, blogged about intermittent DDoS attacks against Liberia telecom providers.
Unfortunately, the media somehow managed to sprinkle some hyperbole into the mix, inflating the story into a claim that all of Liberia had been taken offline.
That, however, was simply not true – as security blogger Brian Krebs confirms:
Daniel Brewer, general manager for the Cable Consortium of Liberia, confirmed that his organization has fielded inquiries from news outlets and other interest groups following multiple media reports of a nationwide outage. But he could not point to the reason.
“Both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks,” Brewer said. “While it is likely that a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to [substantiate] that.”
Of course, the story is out there now that Liberia’s internet was brought to its knees by the Mirai botnet. My guess is that we will continue to hear the story presented as fact for years to come in breathless presentations by over-excitable security companies.
None of this is to say that Mirai is not a serious threat, of course, or that new botnets based upon its leaked code don’t pose a significant threat to internet infrastructure as they exploit poorly-protected IoT devices.