Why a Hacker Dumped Code Behind Colossal Website-Trampling Botnet

Now you can build your own mega botnet.

A hacker going by the name “Anna-senpai” released the source code that controlled an army of zombified Internet of Things devices that recently barraged KrebsOnSecurity, a website operated by Brian Krebs, an independent security researcher and blogger. An attacker had used the code to launch a massive distributed denial of service attack against the site’s computer servers, reaching a staggering maximum of 620 gigabits per second (Gbps) in bogus Internet traffic during the pummeling.

Krebs spotted the leak on a forum called HackForums a day after Anna-senpai posted it on Friday. Krebs confirmed that the malicious software, called “Mirai” by the hacker, was responsible for the attack on his site, he wrote in a blog post, without providing additional details. (Fortune has reached out to Krebs to request more information.)

Mirai worked by scouring the Internet for unsecured devices, like webcams and routers, which are protected only by easily hackable default passwords. The malware corralled these machines into a sprawling network under the control of administrators who could then blast websites of their choice.

The hacker claimed to be dumping the code because it was now attracting unwanted attention. The likely logic: releasing Mirai into the wild where others can pick it up might help mask the identity of its originator as investigators start poking around.

“When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai wrote in a forum post. “I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO,” he wrote, using the slang for “get the f— out.”

Thomas Pore, director of IT and services at Plixer, a network monitoring firm, wrote to Fortune that “The code is a gift to cyber criminals looking to enter the popular market of DDoS as a Service,” where entrepreneurial botmasters rent out their networks for others’ use.

Dale Drew, chief security officer at Level 3 Communications (LVLT), a telecom provider based in Broomfield, Colo., told Fortune, “By releasing this source code, this will undoubtedly enable a surge in botnet operators to use this code to start a new surge in consumer and small business IoT compromises.”

The hacker said that since the attack on Krebs, Internet service providers have been “slowly shutting down and cleaning up their act” and that the network had dropped to roughly 300,000 infected devices from around 380,000 at its height.

Google (GOOG) swooped in to save Krebs’ trampled site last week after Akamai (AKAM), the cloud provider that had been protecting Krebs from denial of service attacks free of charge, dropped him.

Reiner Kappenberger, global product manager at HPE (HPE) Security-Data Security, told Fortune that “The current lack of guidance and regulations for IoT device security is one of the bigger problems in this area and why we see breaches in the IoT space rising.” He added, “Companies entering this space need to think about longer term impact of their devices.”
