An army of hacked Internet of Things devices could be one of the reasons why your internet sucks today.
A massive botnet of hacked Internet of Things devices has been implicated in the cyberattack that caused a significant internet outage on Friday.
The botnet, which is powered by the malware known as Mirai, is in part responsible for the attack that intermittently knocked some popular websites offline, according to Level 3 Communications, one of the world's largest internet backbone providers, and security firm Flashpoint.
"We are seeing attacks coming from a number of different locations. We're seeing attacks coming from an Internet of Things botnet that we identified called Mirai, also involved in this attack," Dale Drew, chief security officer at Level 3 Communications, said on a livestream on Friday afternoon.
On Friday morning, someone targeted Dyn, a company that offers core internet services for popular websites such as Twitter, Spotify, GitHub, and many others. The attack mainly targeted Dyn's Domain Name System (DNS) management services infrastructure on the East Coast of the United States, according to the company.
Drew explained that whoever was behind the attack was using "about 10 percent" of the nodes that make up the Mirai botnet, which, as of this week, consisted of about half a million nodes, and counting.
The Mirai botnet is notable and concerning because it largely consists of unsecured Internet of Things devices, such as security cameras, which cannot easily be updated and thus are nearly impossible to secure. In other words, the Mirai botnet is growing rapidly and cannot easily be stopped.
In a statement sent to Motherboard, Flashpoint also reported seeing "Mirai attack commands issued against Dyn infrastructure," but warned that "it is not yet clear if other botnets are involved."
Earlier on Friday, Marshal Webb, the chief technology officer of BackConnect, an anti-DDoS firm, had already posited that Mirai could be part of the attack.
"Someone has probably achieved hegemony with the Mirai source and slapped DYN to either hit them directly or a customer downstream," Webb told Motherboard in an online chat. "Nothing else would have enough legitimate devices to saturate DNS queries."
Dyn did not immediately respond to a request for comment.
Just a week ago, the US Computer Emergency Readiness Team (CERT) warned of the dangers of DDoS attacks powered by botnets made of Internet of Things devices. Given that the code behind Mirai has been public for weeks now, after a hacker published its source code on a hacking forum, US-CERT predicted more attacks. It seems like their prediction, unfortunately, was spot on.