The source code behind the massive distributed denial of service attack against security researcher Brian Krebs’s website has been released online.
In a blog post over the weekend, Krebs wrote that the so-called Mirai source code’s release pretty much guarantees that “the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders, and other easily hackable devices.”
The Mirai source code leak came to light on Friday via the Hackforums community, Krebs said. A user with the alias “anna-senpai” posted the code there for anyone to use, likely to avoid getting caught.
“It’s an open question why anna-senpai released the source code for Mirai, but it’s unlikely to have been an altruistic gesture: Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home,” Krebs wrote. “Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants.”
The malware spreads by “continuously scanning the Internet for [vulnerable] IoT systems” that are using default or hard-coded usernames and passwords. Vulnerable devices are then turned into bots, which together can be used to launch DDoS attacks designed to send so much traffic to a website that it’s knocked offline.
“My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth,” Krebs wrote. “On the bright side, if that happens it may help to lessen the number of vulnerable systems.”