You Can Now Rent A Mirai Botnet Of 400,000 Bots (bleepingcomputer.com) 62
An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet, which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-$30,000.
After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices...that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total.
Interestingly, the article claims the botnet's creators had access to the Mirai source code "long before it went public."
Or you can get a botnet for free... (Score:5, Funny)
By getting an article posted on slashdot and having the site you want DDoS'd linked in the summary :)
Re: Or you can get a botnet for free... (Score:1)
5 visitors from Slashdot isn't going to ddos anyone.
Re: (Score:1)
Maybe 10 years ago...
15k a week? (Score:2)
Re: (Score:1)
Jesus, I'm in the wrong line of work.
Hopefully someone will find them, drag them into the woods and put 2 in the back of their heads.
[ He said with all the charity he could muster for people like that. ]
Re: (Score:2)
Isn't capitalism a wonderful thing?
Re: (Score:2)
So for $30K, you can patch 400K bot systems to never participate in another botnet? That's less than some companies pay in DDOS protection every month..... just an idea, guys.
Re: (Score:2)
I'm pretty sure they don't give you direct control over the botnet. I'd suspect you can only direct who to attack, attack timing/duration, and how many bots.
Maybe there's something you could do once you know all the IPs (for instance, you could direct them at a honeypot target), but a lot of malware closes the door behind itself once a device is compromised. I'm not sure how Mirai works, but I wouldn't be surprised if it behaved in a similar fashion.
Tomorrow will be interesting... (Score:3)
But seriously... other than causing chaos, does anything get accomplished with a DDoS that it provides some kind of value? I get the idea of a multi-pronged attack, but is there that much to gain?
Re: (Score:3)
This.
DDoS is vandalism.
It pisses someone off; costs them; and the little botnet kiddies giggle.
Re: (Score:3)
This.
DDoS is vandalism.
It pisses someone off; costs them; and the little botnet kiddies giggle.
It's also an asymmetric-warfare weapon of domestic and foreign dissidents against oppressive, authoritarian governments, which is the real, actual concern of those governments. This is particularly true in the US, as the government continues to become ever more authoritarian, corrupt, deceitful, and controlling, both domestically and in foreign affairs.
Strat
Re: (Score:2)
DDoS is an inconvenience.
It is not a problem.
The attack on Dyn was mitigated in a few hours and we move on.
Dyn should have been hardened to begin with.
You and I can bring down a single web page by ourselves but we don't.
Re:Tomorrow will be interesting... (Score:4, Insightful)
DDoS is an inconvenience.
It is not a problem.
The attack on Dyn was mitigated in a few hours and we move on.
Dyn should have been hardened to begin with...
Dyn should have been hardened? No, more like DNS as a whole should have been hardened fucking long ago.
It's still the Achilles heel of the internet.
Re: (Score:2)
I agree.
Re: (Score:2)
This.
DDoS is vandalism.
It pisses someone off; costs them; and the little botnet kiddies giggle.
Given the impact of attacking DNS, and the proliferation of State-sponsored hacking groups, I think we can stop with the giggling kiddies references now.
Not sure when we'll learn with DNS either. The security community has been preaching/bitching about the weaknesses of DNS for too damn long, and little has really been done to truly address the Achilles heel of the internet.
Re: (Score:2)
Agree,
IT, in general, has been bitching to management about best practices.
Risk/reward analysis, so far, is in favor of sloppy gate-keeping.
Re: (Score:2)
Agree,
IT, in general, has been bitching to management about best practices.
Risk/reward analysis, so far, is in favor of sloppy gate-keeping.
Agreed. A job mired in Security is often difficult to justify good solutions when armed with FUD as a sales tactic.
Sad we sometimes have to watch things implode in order for management to understand impact.
Very sad when the end result of poor security is harm to humans. I am not looking forward to our IoT-enabled autonomous future with the way we perceive InfoSec today.
Re: (Score:1)
Potentially, if you had a wide enough reach and enough bots, you could take over a specific router somewhere and ddos lots of other points funneling traffic through your compromised pipe. On small scale this could be used to steal data, mitm attack, etc. The internet is fairly predictable at small scale where it will route packets around a road block you create.
Re: (Score:3)
It's good for masking actual intrusions. Distracting the IT guys from the data exhilaration going on.
It's also useful for stopping up bank transactions long enough for the undo window to expire on fraudulent transfers. Say you do some real estate fraud and trick someone into wiring $200k to the wrong account. Doesn't do you any good if they catch it and roll it back in a day. Do the transfer, DDoS the heck out of the bank... that's well worth $15k a week.
Script kiddies don't pay that kind of money to laugh
Re: (Score:2)
D'oh! Serves me right trying to use big words.
I hope these rental services are honeypots (Score:2)
Throw a few of the would-be DDOSers in jail for a couple of years for the first offence. And ban them from the interwebs for 5 years after that on probation. You can be a sociopath but it will cost you. Might deter a few.
Re: jaywalking (Score:2)
Yes. Exactly equivalent, if every time you jaywalked, traffic ground to a halt and a million people couldn't get to where they were going for half a day.
Re: (Score:2)
does anything get accomplished with a DDoS that it provides some kind of value?
Rent the botnet and instruct all the clients to download and install all their missing OS patches, install some AV software, and finally to uninstall the botnet client.
Hunter Killer Teams (Score:1)
I would approve of Hunter Killer teams solving this problem.
Re: (Score:2)
I know it is difficult to believe but not every problem can be solved by killing someone.
Re: (Score:2)
I know it is difficult to believe but not every problem can be solved by killing someone.
That is difficult to believe.
For BOINC! (Score:1)
There must be some low/non CPU intensive BOINC projects out there that could really appreciate this sort of 'net. I suppose it's probably not worth the time to get different router/IoT ASICs to actually run custom applications, compared with just pointing them to an IP for laughs.
Re: (Score:2)
Those systems don't tend to have a lot of RAM either, so they are only capable of performing truly trivial tasks, like spying on you or participating in a DDoS.
I wonder what the access level would be? (Score:2)
Re: (Score:2)
How is this different.. (Score:2)
...than the fuel-celled car Toyota is releasing soon?
Math is hard. (Score:2)
Re: (Score:2)
Why would the Russians rent out their botnets? (Score:2)
So a state-level actor rents out a botnet commercially? <Watches as cognitive dissonance explodes heads>
Re: (Score:1)
Enough with the Bot Nets. (Score:1)