Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Botnet Security The Internet

Mirai Botnet Attackers Are Trying To Knock Liberia Offline (zdnet.com) 73

Zack Whittaker, reporting for ZDNet: One of the largest distributed denial-of-service attacks happened this week and almost nobody noticed. Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1 Tbps -- more than double the attack a few weeks earlier on security reporter Brian Krebs' website, which was about 620 Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things devices. This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country Liberia, sending it almost entirely offline each time. Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack was one of the largest capacity botnets ever seen. One transit provider said the attacks were over 500 Gbps in size. Beaumont said that given the volume of traffic, it "appears to be the owned by the actor which attacked Dyn." An attack of that size is enough to flatten even a large network -- or as was seen this week, a small country. Update: 11/03 19:37 GMT: The title of the story (same as the ZDNet's story) was updated to mention the name of the country. The summary was updated to reflect the same, as well.
This discussion has been archived. No new comments can be posted.

Mirai Botnet Attackers Are Trying To Knock Liberia Offline

Comments Filter:
  • which damn country? (Score:3, Informative)

    by Anonymous Coward on Thursday November 03, 2016 @02:25PM (#53207883)

    Is that too hard to put in the post, which country?

    It's Liberia.

    • by sciengin ( 4278027 ) on Thursday November 03, 2016 @02:27PM (#53207901)

      Mod him up please.

      I almost considered to RTFM.
      Thanks to him I was saved.

      • I almost considered to RTFM.

        It's in the title:

        Mirai Botnet Attackers Are Trying To Knock Liberia Offline

        I realize this is /., but I thought most people read the title and then started making accusations.

        It's also in TFS, though not in the first sentence.

        This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country Liberia...

        Which is better than the actual source. They don't have the country in the title, and you have to scroll past a picture and the first paragraph to see which country it is. It's also first mentioned in a picture of a Twitter post before it's actually in the article. Believe it or not, the /. posting is better than the actual source with reg

    • Eurocentrism (Score:5, Informative)

      by FranklinWebber ( 1307427 ) <franklin@eutaxy.net> on Thursday November 03, 2016 @02:45PM (#53208085) Homepage

      It's not just the post: the linked article fails to name the country until the 7th paragraph.

      Re: "small, little-known African country":
      -- Liberia has more land area than Portugal or Hungary or Austria.
      -- Liberia is well-known to USers as a destination for freed slaves in the 19th century.

      Seems like the author of the article could use a broader perspective.

      • There was a recent ebola outbreak in Liberia. "little-known" seems like a big stretch.

      • Re: (Score:3, Interesting)

        by nukenerd ( 172703 )

        Re: "small, little-known African country":
        -- Liberia has more land area than Portugal or Hungary or Austria.
        -- Liberia is well-known to USers as a destination for freed slaves in the 19th century ... Seems like the author of the article could use a broader perspective.

        You could do with some broader perspective too. Not everyone in the World is interested in a 19th century destination for freed US slaves, even if it interests some Americans as such. In the UK here I doubt that one person in 20 could point to it on a map or even know that it is in Africa. It did have a claim to fame once as having the largest fleet of merchant ships in the world (as a flag of convenience). Land area has nothing to do with it.

        Oh, before you accuse me of narrow-mindedness, I am a bit exc

    • Is that too hard to put in the post, which country?

      It's Liberia.

      "Suffice to say 'Liberia' is one of the words the Knights of Ni! cannot hear!"

    • Is that too hard to put in the post, which country?

      It's Liberia.

      And the article calls Liberia a "little-known country"?!? WTF?

      Liberia is hugely important in world history, having adopted a Constitutional Government in 1947, although it was inhabited before then. Who took part in this mass migration? A particular group of humans in the US who were emancipated from being chattels (property) used for uncompensated labor (slavery). . . to being people under US Law. A lot of them wanted to go back at leastto their home continent, and many probably wanted to just get the

      • 1847, NOT 1947.

        Yes, that was roughly 20 years before the US Constitutional Amendment banning chattel slavery, but there were indeed some "free men" at the time. It's the source of the surname "Freeman".

  • Given the last response, anyone else have a bad feeling that on November 8th we're going to have a Blackout in America?
  • seriously, I'm astoundingly impressed that this magnitude of data can bring an entire country's infrastructure to it's knees. The power that this botnet has is unprecedented, this is a digital Godzilla (DigiZilla?) running rampant on the streets of LIberia with the only defense some antiquated machine guns.

    I'm not condoning this by any stretch of the means but I damn sure am amazed from a spectator's point of view. /hope they catch these guys //electrocute them with cattle prods ///then toss them in a shar
  • I was hoping it would be Denmark.

    I'd have enjoyed a sensible chuckle if South Park had been spot on yet again.

  • What devices are in the Mirai botnet?

  • In my opinion, this demonstrates some simple things.

    If the IoT creators cannot be bothered to properly secure their devices out of the gate, then they need to give some nonvolatile storage of some kind that can hold the files in /etc, and perhaps /home.

    It does not need to be big. 2mb would be spacious.

    Just enough that the init system can be tailored, the root password can be changed, and the cryptokeys can be regenerated and retained.

    That way somebody can honest to god actually secure their device after pur

    • by Pascoea ( 968200 )

      That way somebody can honest to god actually secure their device after purchase. You know, disable that open Telnet daemon, change the default root password, and use some hard to crack 4096bit keys for SSH that aren't all over the damn net.

      Sure, I bet my grandpa, who just wants a DVR to record his outdoor cameras, will be able to accomplish what you just outlined. I mean, I certainly understand that what you are describing needs to be accomplished, it is has just been proven (time and time again) that the end user isn't going to do it.

      From my armchair perspective of what's going on, these devices aren't getting exploited by some hard-to-find backdoor, they are getting exploited by having the same damn password on every device that ships. THAT

      • See my reply to the AC.

        Easy to fix. Always unique keys, always unique root passwords. Cheap and easy to implement.

        Unless inserting a CD and running SETUP is to hard for your grandpa, anyway.

        • by Pascoea ( 968200 )
          You haven't met my grandpa...
        • No, how about programmers put their shit together and send the thing properly secured and stop passing the buck to the rest of the world? Is not your problem, it's grampa problem, or marketing problem, or PHB problem, never a problem with the people that actually copy pasted the Linux on those things.

          I also love how in the whole discussion nobody mentions most of these things are running Linux and how Linus should be brought to the international court of justice which is the standard procedure when Micro
          • These devices would be just as terrible running any other OS, since they basically tell the whole universe how to log into then with cookie cutter default credentials.

            • I don't know, by default no updated install of windows or OS X can be telnetted/ftped from the outside with any sort of "default" password. Comparison is tricky because you can't really compare a kernel+webstack+controllers with a full blown desktop OS, you are right but it does not negate my point, programmers have to apply the most basic security checks, and any company that fails to employ proper professional should be taken out of business. Just like any government can close any factory that pollutes a
  • by sehlat ( 180760 ) on Thursday November 03, 2016 @03:00PM (#53208229)

    Why do I have the feeling that this is a dry run, with bigger target(s) in mind?

    • Hey Look! We took an entire country offline.
      • by sehlat ( 180760 )

        Hey Look! We took an entire country offline.

        Maybe. Liberia is small potatoes, though. The bigger the ultimate target, the bigger the street cred. I seriously doubt, however, that anybody would take down an entire country of any size just for bragging rights.

  • by Anonymous Coward

    Liberia was supposed to be the America of Africa, until the locals DID NOT WANT. In fact it's capitol was named after one of our presidents.

    Not exactly "little known"

  • by h4ck7h3p14n37 ( 926070 ) on Thursday November 03, 2016 @03:54PM (#53208625) Homepage
    Why don't affected organizations simply publish a host file for people to use until DNS service has been restored?
    • by TroII ( 4484479 )

      This wasn't an attack on DNS, it was an attack on all transit into and out of Liberia.

  • The error is both in the summary and the original

    The attack was said to be upwards of 1.1Tbps -- more than double the attack a few weeks earlier on security reporter Brian Krebs' website, which was about 620Gbps in size,

    It's easy enough to do in your head - 1.1Tbps is less than half 620.Gbps. It would have had to be more than 1.24 Tbps, more than 10% larger than the claimed "upwards of 1.1Tbps", and there's no indication in the original story that it ever got anywhere near that high. Aside from satellite connections, the single fibre connection s the only way in or out. That is confirmed by the article stating that the attack was directed against one of the two companies coo

  • You say Liberia is a little known country. But every Liberian I've asked today knows lots about it!

You know you've landed gear-up when it takes full power to taxi.

Working...