Mirai Botnet Creators Plead Guilty

The creators of the Mirai botnet pleaded guilty earlier this month in an Anchorage courtroom.

The Mirai botnet unleashed a distributed denial of service attack on the French cellular carrier OVH and another DDoS attack against DYN, the DNS provider for Amazon, Netflix and many other heavy duty web sites.

The DDoS attacks took those and other sites down, confusing and inconveniencing users.  For a while, the feds thought this was going to turn into an attack on critical infrastructure.

But the interesting part is what Paul Harvey used to call “the rest of the story”.

Mirai was created by a Princeton University student and two others.  But the why is the interesting part.  They were running a Minecraft server and in order to make more money, they had to get more kids to sign up for their server rather than their competitors' servers.  The easy way to do this – take out their competitors' Minecraft servers.  And take them out, they did.  Along with a LOT more.

In the first 20 hours, Mirai took over 65,000 Internet of Things devices.  It then DOUBLED in size every 76 minutes, eventually stabilizing at around 200,000 to 300,000 devices.  At its highest level, it was controlling 600,000 devices.

The scary thing is that the attack was not very sophisticated.  The Reaper attack that I wrote about the other day is way more sophisticated and way more dangerous if it is weaponized.

When Mirai went after OVH, the attack peaked at 1.1 terabits per second of garbage traffic.  Before then, a large DDoS attack was in the 10 to 50 gigabits per second range, so this attack was probably 20 to 100 times the size of what was considered a large attack.

For some sites, like that of Brian Krebs, who was also attacked, the attack was so large that their DDoS prevention services – in Brian’s case, Akamai – shut down his web site.  Brian was off the air until Google stepped in to host him.  For Google’s engineers, this was likely considered a challenge.  After all, I am sure that Google faces lots of attacks itself and if they could stop this attack (almost 700 gigabits per second), then they would be able to stop a similar attack against them.

We do not know what kind of sentences these three will face, but I am completely OK if it is a very long one.  They did some serious damage.

Information for this post came from Wired.

