Mirai Botnet


History and Origins

The Mirai botnet first emerged in August 2016. It was created by Paras Jha, Josiah White and Dalton Norman, who were college students at the time. The malware was initially used to launch DDoS attacks against Minecraft servers and companies offering DDoS protection to Minecraft servers. In September 2016, the Mirai botnet was used to launch massive DDoS attacks against the website of security journalist Brian Krebs and French web host OVH. These attacks reached unprecedented sizes, with the OVH attack peaking at over 1 Tbps. On September 30, 2016, the source code for Mirai was publicly released on a hacker forum. This allowed other cybercriminals to create their own variants and launch further attacks.

How Mirai Works

Mirai targets IoT devices like routers, security cameras, and DVRs that run Linux. It scans the internet for vulnerable devices and attempts to log in using default or weak credentials. Once infected, devices become part of the botnet and can be used to launch DDoS attacks. At its peak, Mirai infected over 600,000 IoT devices. The botnet's power comes from harnessing large numbers of infected devices to generate massive amounts of traffic.
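
A defender-side view of the login behaviour described above, as an added example that is not part of the original page: it scans login records for a source that tries several usernames in quick succession and notes whether one attempt succeeded. The log format, field names, thresholds and sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (hypothetical format, not from any real device).
SAMPLE_LOG = """\
2016-09-20T10:00:01 telnetd: login failed src=203.0.113.5 user=root
2016-09-20T10:00:02 telnetd: login failed src=203.0.113.5 user=admin
2016-09-20T10:00:04 telnetd: login failed src=203.0.113.5 user=support
2016-09-20T10:00:05 telnetd: login ok src=203.0.113.5 user=guest
2016-09-20T10:03:00 telnetd: login failed src=198.51.100.7 user=admin
2016-09-20T11:30:00 telnetd: login failed src=198.51.100.7 user=admin
2016-09-20T12:00:00 sshd: login ok src=192.0.2.10 user=operator
"""

# Assumed line layout: timestamp, service, result, source address, username.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+): login (?P<result>failed|ok) "
    r"src=(?P<src>\S+) user=(?P<user>\S+)$"
)

def find_credential_sweeps(log_text, min_users=3, window=timedelta(seconds=60)):
    """Return {src: {"users": [...], "compromised": bool}} for sources that try
    at least min_users distinct usernames within one time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not match the assumed format
            ts = datetime.fromisoformat(m["ts"])
            events[m["src"]].append((ts, m["user"], m["result"]))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            users = sorted({u for _, u, _ in in_window})
            if len(users) >= min_users:
                findings[src] = {
                    "users": users,
                    # A success inside the sweep suggests a guessed credential
                    # was accepted; the device needs a reset and new password.
                    "compromised": any(r == "ok" for _, _, r in in_window),
                }
                break
    return findings

if __name__ == "__main__":
    for src, info in find_credential_sweeps(SAMPLE_LOG).items():
        print(src, info)
```

A single source repeating one username over a long period, like the second address in the sample, stays below the threshold and is not flagged.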

Major Attacks

Some of the most notable Mirai attacks include:

  • September 2016: DDoS attacks on Brian Krebs' website and OVH

  • October 2016: Attack on DNS provider Dyn that disrupted major websites like Twitter and Netflix

  • November 2016: Attack on Liberia's internet infrastructure

  • November 2016: Attack that disrupted internet service for Deutsche Telekom customers in Germany

Legal Developments

In December 2017, Paras Jha, Josiah White and Dalton Norman pleaded guilty to crimes related to creating and using the Mirai botnet. They were sentenced to probation and community service. In 2018, Daniel Kaye (aka "BestBuy") was extradited from Germany to the UK and pleaded guilty to using a Mirai botnet variant to attack banks. Also in 2018, Kenneth Schuchman was indicted in the US for allegedly creating Mirai variants like Satori and Okiru.

Ongoing Threat

Although the original creators were caught, the public release of Mirai's source code has allowed it to continue evolving. New variants with additional capabilities continue to emerge and pose an ongoing threat to IoT security.
