Download the Mirai source code, and you can run your own Internet of Things botnet

Hijacking millions of IoT devices for evil just became that little bit easier.

Download the Mirai source code, and you can run your own Internet of Things botnet

Fancy running your own botnet, hijacking control of Internet of Things (IoT) devices such as internet-enabled CCTV cameras and routers to bombard websites with distributed denial-of-service attacks?

Well, it’s just been made that little bit easier for you, with the release of the source code of Mirai, a family of malware capable of rapidly recruiting an army of poorly-protected devices and then commanding to launch attacks.

Security blogger Brian Krebs reports:

The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.

Vulnerable devices are then seeded with malicious software that turns them into “bots,” forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline.

Just such an attack knocked Krebs’ website offline at the end of last month with what is thought to have been one of the largest DDoS attacks ever seen, after he exposed information about the inner-workings of vDOS, a DDoS-for-hire service.

Millions of new IoT devices are being plugged into the net every day, and many of them will have weak security just waiting to be exploited by online criminals. The flaws can range from shipping with default passwords that users never bother to change, to weak or non-existent encryption, to no infrastructure for updating devices if a vulnerability is found at a later date.

As I explain in the video below, an internet of things which doesn’t treat security and privacy as a priority puts all of us at risk.

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

2 Responses

  1. MeMyselfAndI

    October 6, 2016 at 11:48 pm #

    Where’s the beef, i.e., the torrent link, man?

  2. Mike Hunt

    November 19, 2016 at 8:38 pm #

    I wouldn’t have minded reading the entire article, looking for Mirai, if your title hadn’t been: “Download the Mirai source code, and you can run your own Internet of Things botnet” SERIOUSLY?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.