Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

Researcher Claims He’s Identified a Co-creator of a Massive Internet of Things Botnet

But even if we find out who orchestrated some of the fiercest Internet attacks of late, will it matter?

A security researcher claims to have established the identity of a programmer behind the code that carried out some recent crippling online attacks.

Late last year, hundreds of thousands of connected devices were hacked and used to send debilitating surges of data to servers. These so-called Internet of things (IoT) botnets, made up of hardware such as Internet-connected cameras and broadband routers, were used to take down websites and Internet infrastructure. The most notable attack affected large swaths of the East Coast of the U.S.

All the while, it’s been known that many of these attacks—including one that was leveled at the security researcher and writer Brian Krebs—were made possible by a piece of malicious software known as Mirai. This piece of malware wriggled its way onto devices, infected others, and made it hard for other software to get rid of it. Over time, it created a global network of bots that could be corralled to nefarious ends.

Now Krebs has waded through the murky depths of the Internet to trace the identity of those behind Mirai. And he thinks that he’s identified one of the co-authors of the software.

In a lengthy post—so lengthy, in fact, that it has its own glossary—Krebs cites numerous sources and lays out corroborating evidence from his investigation. It’s well worth reading in full, because it feels like a modern-day detective story, packed with pseudonyms, extortion attempts, and adolescent Web posts containing intriguing clues.

The upshot is that Krebs says he believes a public posting of the Mirai source code can be traced to a Rutgers University student. Not only does Krebs think that the student wrote some of the code, he also argues that the programmer appears to have made use of hacked devices to perform some attacks, too.

But even if the creator of Mirai is unmasked, it doesn’t do a great deal to solve the problem of IoT botnets being used to take down parts of the Web. The malware is, after all, now out in the wild, and the botnets that it can be used to create are growing in number and complexity.

Late last year, computer security experts warned Congress that the government must intervene to combat the problem of IoT botnets by introducing strict regulations on security standards for connected devices—and fast. Knowing who might have been behind the latest attack should do nothing to reduce that urgency.

(Read more: Krebs on Security, “IoT Botnets Are Growing—and Up for Hire,” “Security Experts Warn Congress That the Internet of Things Could Kill People,” “Massive Internet Outage Could Be a Sign of Things to Come”)

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.