The Mirai botnet infected a couple hundred thousand Internet of Things devices last year by checking whether the default user ID and password had been changed. If they had not been changed, it took over the device. The resulting botnet then took down Dyn, a very high-end DNS service. When Dyn went down, so did Dyn’s customers, like Amazon and Netflix.
What would happen if a new botnet 10 times the size of Mirai appeared? What could that do to the Internet?
Well, that new botnet is here. It is called Reaper. It is already ten times the size of Mirai. At least.
What makes Reaper different from Mirai is that instead of just looking for default passwords, Reaper exploits known vulnerabilities in IoT devices, looking for devices that have not been patched.
When was the last time you patched your dishwasher or webcam? If you are like most people, you have never patched your IoT devices. If you have not patched them, they could become part of this new botnet.
To make Reaper harder to take down, it uses a mesh network of control servers. Take one down and another takes over.
Right now Reaper is not doing anything malicious. That doesn’t mean that it won’t do something next week or next month.
The experts seem to think that Reaper is an experiment. The author wants to see if the idea works. It seems to me that this experiment is working!
So what happens if the people in charge of Reaper decide to go on the attack? The size of the Reaper network is being artificially constrained because the current version of the software only looks for 9 unpatched vulnerabilities. What would happen to the size of the network if it looked for 30 unpatched vulnerabilities? Or 50? That could make those million infected devices look small.
The software has the ability to automatically update itself, so if the owners of the network wanted to, they could update the software to look for more vulnerabilities and potentially infect more devices.
Given that the U.S. is very dependent on the Internet for our businesses and personal lives, if an attack were to take it down, the ripple effect could be very large.
But we really don’t know what the botnet controller has in mind.
It likely is not good, however.
Information for this post came from Wired.