Connectivity

Researcher Claims He’s Identified a Co-creator of a Massive Internet of Things Botnet

But even if we find out who orchestrated some of the fiercest Internet attacks of late, will it matter?

A security researcher claims to have established the identity of a programmer behind the code that carried out some recent crippling online attacks.

Late last year, hundreds of thousands of connected devices were hacked and used to send debilitating surges of data to servers. These so-called Internet of things (IoT) botnets, made up of hardware such as Internet-connected cameras and broadband routers, were used to take down websites and Internet infrastructure. The most notable attack affected large swaths of the East Coast of the U.S.

All the while, it’s been known that many of these attacks—including one that was leveled at the security researcher and writer Brian Krebs—were made possible by a piece of malicious software known as Mirai. This piece of malware wriggled its way onto devices, infected others, and made it hard for other software to get rid of it. Over time, it created a global network of bots that could be corralled to nefarious ends.

Now Krebs has waded through the murky depths of the Internet to trace the identity of those behind Mirai. And he thinks that he’s identified one of the co-authors of the software.

In a lengthy post—so lengthy, in fact, that it has its own glossary—Krebs cites numerous sources and lays out corroborating evidence from his investigation. It’s well worth reading in full, because it feels like a modern-day detective story, packed with pseudonyms, extortion attempts, and adolescent Web posts containing intriguing clues.

The upshot is that Krebs says he believes a public posting of the Mirai source code can be traced to a Rutgers University student. Not only does Krebs think that the student wrote some of the code, he also argues that the programmer appears to have made use of hacked devices to perform some attacks, too.

But even if the creator of Mirai is unmasked, it doesn’t do a great deal to solve the problem of IoT botnets being used to take down parts of the Web. The malware is, after all, now out in the wild, and the botnets that it can be used to create are growing in number and complexity.

Late last year, computer security experts warned Congress that the government must intervene to combat the problem of IoT botnets by introducing strict regulations on security standards for connected devices—and fast. Knowing who might have been behind the latest attack should do nothing to reduce that urgency.

(Read more: Krebs on Security, “IoT Botnets Are Growing—and Up for Hire,” “Security Experts Warn Congress That the Internet of Things Could Kill People,” “Massive Internet Outage Could Be a Sign of Things to Come”)

Get stories like this before anyone else with First Look.

Subscribe today
Already a Premium subscriber? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.