The hacker who’s been claiming a monopolistic control over the Mirai botnet tried to take down the well-known anti-spam Spamhaus.
Image: Mike Mozart/Flickr
A hacker who last month claimed to have created a new massive army of hacked Internet of Things devices is attacking the anti-spam organization Spamhaus with a distributed denial of service (DDoS) attack. But, at least for now, he's failing to take it down.
The hacker, who goes by the moniker BestBuy, told Motherboard on Tuesday that he wanted to send a message to Spamhaus, accusing it of being an organization of "blackmailers."
"Spamhaus are fucking us over everywhere," he said in an online chat on Twitter. "They put their nose where it does not belong [...] We are fucking pissed."
The attack is a reminder that despite it being almost two months since one of the worst DDoS attacks ever, carried out with the Internet of Things botnet Mirai, cybercriminals are still using it to carry out attacks, seemingly unfazed.
"Spamhaus are fucking us over everywhere [...] We are fucking pissed."
The hacker said that at the beginning at least the attack wouldn't be too strong, "just a 'ping,' something like 'hi, we see what you are trying, stop.'" BestBuy didn't elaborate too much on why he was so angry at Spamhaus, only saying Spamhaus was shutting down some of his server's IPs.
BestBuy claimed that he was using only 200,000 hacked Internet of Things devices for the attack, but he would increase the count to 800,000 if Spamhaus didn't go down. The hacker was using the bots to target Spamhaus' DNS servers.
"DNS attack is small but they will get 5~TBps soon or later if they don't crawl back into their little hole," he said.
A spokesperson for Spamhaus, which was victim of one of the largest DDoS attacks ever in 2013, said on Wednesday that the attack appears to be ongoing, "but it's difficult to tell because it's not really doing anything to us...our services are working fine."
"We have just a handful of reports that some users have trouble reaching our website/DNS from some networks," he added.
"It's difficult to tell because it's not really doing anything to us."
An independent security researcher that goes by the name 2sec4u, who has been tracking Mirai botnets and attacks for weeks, confirmed that BestBuy's botnet was attacking Spamhaus on Tuesday.
"They're being DDoSed for sure," 2sec4u told Motherboard in a Twitter message.
MalwareTech, who's also been tracking Mirai along with 2sec4u, said that it's unclear how strong the attack is—only Spamhaus can reveal that—but BestBuy's botnet is made of one million bots, though the hacker "never utilizes all bots."
The researchers said that it appears Spamhaus is withstanding the barrage, but they had to update their DNS from a mix of providers to only Amazon cloud services.
Another day, another massive attack carried out thanks to the Internet of (Hackable) Things.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.