In the News
A 21-year-old Washington man has pleaded guilty to creating botnets that converted hundreds of thousands of routers, cameras, and other Internet-facing devices into money-making denial-of-service fleets that could knock out entire Web hosting companies.
The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords.
The digital assault surpassed 660 Gbps of traffic, making it one of the largest recorded in history in terms of volume.
Security researchers have caught hackers lashing together Internet-connected devices in a botnet they’re calling Torii, which uses techniques not seen in an IoT botnet before—including intercepting and stealing data, and using the Tor Project network to hide its network traffic.
China is aggressively seeking to dominate the Internet of Things and plans to use access to billions of networked electronic devices for intelligence-gathering, sabotage, and business purposes, according to a forthcoming congressional report.
Mirai took advantage of insecure IoT devices in a simple but clever way. It scanned big blocks of the internet for open Telnet ports, then attempted to log in default passwords. In this way, it was able to amass a botnet army.