It Could Get Ugly, Source Code For 'Mirai' IoT DDoS Botnet Released To The Wild

Well, this isn't good. The source code for the botnet that took KrebsOnSecurity down by tapping into an unprecedented number of Internet of Things (IoT) devices has been released to the public. Its availability virtually ensures that distributed denial of service (DDoS) attacks equal in size or even larger will follow, creating financial headaches and service disruptions for companies both big and small.

Brian Krebs, a renowned security expert and author of the aforementioned blog, recently found his website the target of one of the largest DDoS attacks in history. The massive attack brought in a record 620 gigabits per second of traffic. That's almost twice as much as Akamai, the cloud provider that was offering service to Krebs for free, had ever defended against. As the attack wore on, Akamai decided to dump Krebs as a no-cost client as it was becoming too costly to continue processing all that traffic.


The malware powering the botnet behind the record attack is called Mirai. According to Krebs, it spreads to vulnerable devices by looking for and taking advantage of IoT gadgets using factory default or hard-coded usernames and passwords. Once it finds a vulnerable device, malicious software is loaded onto it, turning the gadget into a bot that reports to a central control server used for launching DDoS attacks.

A hacker who goes by the online nickname Anna-senpai released the source code for Mirai on Hackforums, an English-language hacking community.

"When I first go in DDoS industry, I wasn’t planning on staying in it long," Anna-senpai stated in the post. "I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping."

Krebs said he's been able to confirm that the botnet that targeted his blog was powered by Mirai, though it's not the only major malicious code that employs IoT devices in such a manner. There's at least one other major strain called Bashlight. Like Mirai, it spreads to systems using default username and password combinations.
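For defenders, the spreading behavior described above for both Mirai and Bashlight (one source trying default logins over telnet against many devices) is visible in authentication logs. The following is an added example, not code from the article or from the malware: the log format, field names, sample lines and thresholds are all constructed assumptions, and the addresses are documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample telnet auth log (hypothetical format, documentation IPs).
SAMPLE_LOG = """\
2016-10-03T10:00:01Z telnetd src=203.0.113.7 dst=192.0.2.10 user=root result=fail
2016-10-03T10:00:02Z telnetd src=203.0.113.7 dst=192.0.2.10 user=admin result=fail
2016-10-03T10:00:03Z telnetd src=203.0.113.7 dst=192.0.2.11 user=root result=fail
2016-10-03T10:00:04Z telnetd src=203.0.113.7 dst=192.0.2.11 user=admin result=ok
2016-10-03T10:00:05Z telnetd src=203.0.113.7 dst=192.0.2.12 user=root result=fail
2016-10-03T10:00:06Z telnetd src=203.0.113.7 dst=192.0.2.13 user=support result=fail
2016-10-03T10:05:00Z telnetd src=198.51.100.20 dst=192.0.2.10 user=ops result=fail
2016-10-03T10:05:09Z telnetd src=198.51.100.20 dst=192.0.2.10 user=ops result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

def parse(log_text):
    """Yield one dict per well-formed line; skip anything that does not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_sweeps(log_text, min_targets=3, min_failures=4):
    """Flag sources that fail logins across many devices; list devices that let them in."""
    targets = defaultdict(set)    # src -> devices it tried
    failures = defaultdict(int)   # src -> failed login count
    accepted = defaultdict(set)   # src -> devices that accepted a login
    for ev in parse(log_text):
        targets[ev["src"]].add(ev["dst"])
        if ev["result"] == "fail":
            failures[ev["src"]] += 1
        else:
            accepted[ev["src"]].add(ev["dst"])
    return {
        src: {"targets": sorted(dsts), "failures": failures[src],
              "accepted": sorted(accepted[src])}
        for src, dsts in targets.items()
        if len(dsts) >= min_targets and failures[src] >= min_failures
    }

if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG).items():
        print(src, info["failures"], "failed logins; accepted by:", info["accepted"])
```

Any device listed under `accepted` let a sweeping source log in, so it is the first candidate for a password change and a check for infection; the single-device operator login in the sample is not flagged.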

This is the future, folks. In time, vendors and the population at large will take IoT security more seriously as these types of attacks draw increased media attention. In the meantime, you can stay ahead of the 8-ball by ensuring you're practicing good IoT security, tips for which you can find here.
