A New Big, Bad Botnet of Things Is on the Prowl

A network of 100,000 Internet-connected devices has been corralled and is ready to attack the Web. That’s according to Dale Drew, a security researcher at broadband provider CenturyLink, who tells Ars Technica that the newly discovered botnet is “pretty sophisticated.”

Botnets are collections of connected devices that have been hacked to work with one another to send debilitating surges of data to servers. They’re becoming an increasingly large problem as smart hardware fills our homes, because IoT devices are often insecure and rarely updated, making them easy for hackers to control.

In fact, most botnets—including the infamous Mirai botnet, which inspired us to name botnets of things to our 10 Breakthrough Technologies of 2017—simply uses a database of factory-issued administrator credentials to commandeer devices that have never had their passwords changed.

The new botnet, however, actually makes use of a zero-day hack to add insecure Huawei routers to its legions. Of the 100,000 devices so far corralled by hackers, Drew tells Ars Technica, 90,000 are such routers. The other devices are ensnared using a database of 65,000 username and password combinations.

It’s not the first time a botnet has used security exploits to amass an army. In October, another team of security researchers announced that the Reaper botnet used a similar trick that threatened to affect millions of devices.

Drew tells Ars Technica that the new botnet is big enough to perform a seriously damaging attack, like the one that took down a large swath of the American Internet just over a year ago, and it’s still growing. But for now, we’ll have to wait and see when and where the new one strikes.