Skip to Content

IoT Botnets Are Growing—and Up for Hire

When anyone can make use of a burgeoning army of rogue connected devices for a fee, the threat of a crippled Internet is more real than ever.
November 30, 2016

The army of Internet-connected devices being corralled and controlled to take down online services is active, growing—and up for grabs.

Internet of things botnets—collections of devices hacked to work with one another to send debilitating surges of data to servers—have been blamed for several recent Internet failures. Most notably, the servers of domain name system host Dyn were taken down last month, affecting connectivity across large swaths of the East Coast of the U.S.

But hackers appear to be making attempts to swell the ranks of their botnet armies and offer their services for a fee, which could make future attacks far more serious.

The German telephone provider Deutsche Telekom has reported that nearly one million of its users suffered Internet outages this week as a result of a failed attempt to recruit the company's routers as devices for a botnet. According to an independent security researcher who spoke with Motherboard, the total number of devices employed in IoT botnets could now be in excess of 500,000.

Earlier this month, Ars Technica reported that a new piece of botnet software was able to commandeer 3,500 devices in the space of five days. It’s not clear, though, at what pace these systems will continue to grow. Most of the devices currently employed by hackers seem to be older, less secure hardware that’s easy to compromise. It may be harder, and take longer, to add your latest smart home hardware to the army—though it may not be impossible.

For now, though, some hackers appear to be trying to monetize their IoT botnets. Last month, Forbes reported that a 100,000-device system could be employed for $7,500. Now, another pair of hackers has put up the botnet that they control for hire, claiming to have as many as 400,000 devices to level at servers. Hiring 50,000 devices to perform an attack is reported to cost between $3,000 and $4,000, according to the site Bleeping Computer.

The same site reports that researchers have noticed that the latest version of the malware used to create the 400,000-device botnet, which is thought to be the same one used to try to take Liberia offline earlier this month, has a new trick up its sleeve. It seems able to provide fake IP addresses for the devices it’s using, which will make it substantially harder to block when used in the future.

Earlier this year, security expert Bruce Schneier argued that someone, somewhere was “learning how to take down the Internet” using these kinds of attacks. And this month at a Congressional hearing about the threat, he appealed to the government to intervene, explaining that “the market really can’t fix this ... the government has to get involved. [W]hat I need are some good regulations.”

With hackers realizing that other parties may be interested in taking advantage of their hard-won armies, the stakes ratchet up. If something isn’t done to stamp out these botnets, Schneier's apocalyptic predictions may yet come true.

(Read more: Reuters, Motherboard, Bleeping Computer, “The Internet of Things Goes Rogue,” “Massive Internet Outage Could Be a Sign of Things to Come,” “Smart Lightbulbs Could Plunge the Internet Into Darkness”)

Keep Reading

Most Popular

computation concept
computation concept

How AI is reinventing what computers are

Three key ways artificial intelligence is changing what it means to compute.

still from Embodied Intelligence video
still from Embodied Intelligence video

These weird virtual creatures evolve their bodies to solve problems

They show how intelligence and body plans are closely linked—and could unlock AI for robots.

seeing is believing concept
seeing is believing concept

Our brains exist in a state of “controlled hallucination”

Three new books lay bare the weirdness of how our brains process the world around us.

We reviewed three at-home covid tests. The results were mixed.

Over-the-counter coronavirus tests are finally available in the US. Some are more accurate and easier to use than others.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.