Mirai Malware Simplifies Internet Attacks

A massive internet attack that paralyzed Twitter, Netflix and other services is being blamed on a specific kind of malware designed to harness the power of ordinary consumer devices.

The bad news: Using it isn't particularly hard and doesn't require much money. The malware, known as Mirai, was recently posted online for others to adapt for their own attacks.

Researchers say Mirai exploited security vulnerabilities in thousands of internet-connected devices such as web cameras, then used those devices to attack a major internet firm, resulting in widespread outages. Researchers say Mirai has been used before, but not on the scale of Friday's attacks.

Here's a look at Mirai and what makes it so destructive.

What Happened?

Dyn Inc., an internet company in Manchester, New Hampshire, said its servers were hit by a distributed denial-of-service attack. These types of attacks work by overwhelming targeted computers with junk traffic, so legitimate traffic can't get through.

Jason Read, founder of the internet performance monitoring firm CloudHarmony, said his company tracked a half-hour-long disruption early Friday affecting access to many popular sites from the East Coast. A second attack later in the day spread disruption to the West Coast as well as some users in Europe.

What Made This Attack So Nasty?

While distributed denial-of-service attacks have been around for years, hackers have many more devices they can use to pull off their attacks, thanks to the proliferation of internet-connected cameras, thermostats, lights and more.

And Mirai makes it easy for a would-be attacker to scan the internet for devices to take over and turn into "botnets" for launching coordinated attacks, Chris Carlson of the cybersecurity firm Qualys said.

While botnets have been used as weapons for nearly a decade, they have typically been employed by organized crime groups that targeted websites involved in less-than-savory businesses such as pornography or gambling. Those sites pay...

Comments are closed.