How botnets are breaking into smart homes

On October 21, 2016, a bevy of services suffered an internet outage after having been infected by malware called Mirai that targets smart devices.

October 22, 2016 04:50 pm | Updated November 11, 2017 07:06 pm IST

Happy about your latest Google Home purchase? Or any other smart home device that makes your life easier by providing you the benefits of the Internet of Things? Well, here's something to be wary of: your trusty automated home devices could be transformed into a malicious army of bots that hold your life ransom.

Sound scary? This is what happened on Friday, as major tech companies like Twitter, Netflix, Reddit, Amazon and Spotify — which are served by a major DNS service provider called Dyn — suffered malfunctions in their service, an internet outage, because of a malware attack. DNS essentially helps a computer make sense of a website name by linking it with its IP address.

This malware, now identified as 'Mirai', essentially infects Internet-of-Things devices, floods them with artificial commands and causes them to shut down under a DDoS (distributed denial of service) attack — which means that the devices simply go dead and refuse to perform their functions because of server overload.

Dyn said in an interview with CNBC that the "attacks were well-planned and executed, coming from tens of millions of IP addresses at the same time".

Mirai, FYI, is known to have been responsible for the recent massive attack on cybersecurity news outlet KrebsOnSecurity. It is botnet malware created by someone with the alias Anna-Senpai, a name that is believed to be a reference to the Japanese novel series Shimoseka, which depicts a dystopian policed world somewhat like George Orwell's 1984.

How does Mirai do its dirty work?

Mirai runs brute-force scans of default usernames and passwords used by the home devices. Usually, owners of these gadgets use very weak login credentials — usernames and passwords — either because they prioritise ease-of-use and convenience or because of the apparently harmless nature of home appliances.

Once the botnet identifies devices that still use default login credentials, it takes control of the gadget and proceeds to pump forged user requests into the service's network, causing its server to shut down and the website to go offline.

Mirai can affect a bunch of IoT devices, including CCTV cameras, TV video recorders or even your digital refrigerator.
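
The scanning described above leaves a recognisable trace in a device's or router's login log: one source failing with several different usernames in quick succession. The following added example (not from the original article) flags that pattern and marks a source as "compromised" when a successful login follows the burst. The log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed log format (not from a real device).
SAMPLE_LOG = """\
2016-10-21T11:10:01 telnet src=198.51.100.7 user=root result=fail
2016-10-21T11:10:02 telnet src=198.51.100.7 user=admin result=fail
2016-10-21T11:10:03 telnet src=198.51.100.7 user=support result=fail
2016-10-21T11:10:04 telnet src=198.51.100.7 user=guest result=fail
2016-10-21T11:10:05 telnet src=198.51.100.7 user=admin result=ok
2016-10-21T11:12:00 telnet src=192.0.2.15 user=alice result=fail
2016-10-21T11:12:20 telnet src=192.0.2.15 user=alice result=ok
2016-10-21T12:30:00 telnet src=203.0.113.9 user=root result=fail
2016-10-21T12:30:01 telnet src=203.0.113.9 user=admin result=fail
2016-10-21T12:30:02 telnet src=203.0.113.9 user=user result=fail
"""

LINE = re.compile(r"(\S+) telnet src=(\S+) user=(\S+) result=(fail|ok)")

def find_credential_scans(log_text, window=timedelta(seconds=60), min_users=3):
    """Return {src: "scanning" | "compromised"} for sources that fail logins
    with at least min_users distinct usernames inside one sliding window."""
    failures = defaultdict(list)  # src -> [(time, user)] of recent failures
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines in other formats
        when = datetime.fromisoformat(m.group(1))
        src, user, result = m.group(2), m.group(3), m.group(4)
        # Drop failures that have aged out of the sliding window.
        failures[src] = [(t, u) for t, u in failures[src] if when - t <= window]
        if result == "fail":
            failures[src].append((when, user))
        burst = len({u for _, u in failures[src]}) >= min_users
        if burst and result == "ok":
            # A login succeeded right after a dictionary-style burst.
            verdicts[src] = "compromised"
        elif burst:
            verdicts.setdefault(src, "scanning")
    return verdicts

if __name__ == "__main__":
    for src, verdict in find_credential_scans(SAMPLE_LOG).items():
        print(src, verdict)
```

A single user mistyping a password (192.0.2.15 in the sample) is not flagged, because only one username is involved.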

Who could be responsible for the attack?

It is anybody's guess, really, because the Mirai source code was recently leaked and made publicly available by Anna-Senpai on Hackforums, according to KrebsOnSecurity.

What can owners of smart devices do now?

Well, as with most things under the sun, you can reboot your device. But be warned, the botnets are so industrious that they are running scans constantly. So, it is highly likely that your device could be infected again the moment it reboots.

According to ISP and telco Level 3, users may be advised to upgrade their devices and set strong passwords for starters, thereby making it harder for Mirai and other such IoT botnets to hack into or crack them. Another way is for ISPs to set up protection against 'spoofing', which is what the botnet does when it impersonates the users and spurts out a flurry of nonsensical commands and floods the traffic.
