Suspected botnet author arrested

A 29-year-old man thought to have been involved in the Mirai botnet malware used in a series of devastating attacks during the second half of last year has been arrested.

As the BBC reports in “Router hacker suspect arrested at Luton Airport,” the man was arrested under a European Arrest Warrant at the request of the federal criminal police force in Germany. “He is accused of being the mastermind behind the attack,” Cologne public prosecutor Dr. Daniel Vollmert is quoted as saying in the BBC report.

German authorities are treating the Mirai attack as a threat to the national communication infrastructure. The attack in Germany occurred in November 2016, and affected roughly one million Deutsche Telekom customers. Customer routers, provided by Deutsche Telekom and manufactured by Arcadyan, crashed due to Mirai attempts to exploit vulnerabilities within the routers.

The Mirai malware, as we discussed here last fall, targets consumer Internet of Things devices, such as routers and video cameras. Mirai was first identified in the summer of 2016, and has since been central to a number of devastating attacks, including knocking cybercrime investigative reporter Brian Krebs’ website offline in September 2016 and, in October, taking down a number of well-known Web and Internet properties, including Amazon.

In the KrebsOnSecurity attack, the website was hit and knocked intermittently offline with a powerful 620Gbps attack. In October, when attackers aimed their bot army at DNS (Domain Name Services) provider Dyn DNS, the massive flood of traffic knocked offline Amazon services, Tumblr, Twitter, Reddit, Spotify, Netflix and others.

As a reminder, DNS acts as the directory service for the Internet, converting numerical addresses to the alphanumerical site names we are familiar with. When Dyn’s systems were hit with malicious fake traffic, users couldn’t access the sites because the domain names couldn’t properly resolve.

Converting IoT devices to bots from which to stage denial-of-service attacks continues to be a frightening proposition. There are so many potentially vulnerable devices (analysts expect there to be nearly 25 billion connected IoT devices by 2020) that it’s possible to conscript large armies of devices for this nefarious purpose.

