Mirai Malware Source Code Used To Create Botnet In Dyn DDoS Attack By New World Hackers


Dyn, a New Hampshire-based internet performance company, was hit with a massive attack on Friday, October 21, 2016--one for the record books of cybercrime. The large-scale distributed denial of service (DDoS) attack hit some of the Internet’s most popular Websites at about 7:10 a.m. EST Friday morning. As USA Today reports, the attack affected the East Coast region of the United States, disabling user access to a number of major Websites. The sites affected by the recent DDoS attack include Amazon, GitHub, GrubHub, iHeart.com, Netflix, PayPal, Reddit, SoundCloud, Spotify, Twitter and more.

Anyone who tried to access any of the aforementioned sites found themselves looking at a Domain Name System (DNS) error page instead of their frequented site’s familiar landing page. DDoS attacks disrupt target sites by overloading servers with so many fake information requests that real requests cannot get a response. So who did the DDoS attack on Dyn? According to CBS News, a group of underground hackers claiming responsibility for the attack, the New World Hackers, threw an overwhelming 1.2 terabits of data at Dyn systems. “It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning though,” Kyle York, Dyn’s chief strategy officer, said Friday afternoon during a conference call link-up with reporters. According to Dyn’s status site, the DDoS attack hit its system aggressively in back-to-back waves. Security experts were ultimately able to restore service at about 5:00 p.m. EST Friday afternoon.

Dyn's team was able to pinpoint that the New World Hackers who launched the recent crippling DDoS attack, the largest to ever hit Dyn systems, employed a simple-to-use program called Mirai malware to gain control of over 10 million devices. This trojan software first infects a victim’s computers or home networks via phishing emails. It then takes control over online devices such as DVRs, cable set-top boxes, routers, even connected cameras, and then uses them to launch the distributed denial of service attack. As a collective, the Mirai-infected devices create a robot network--a “zombie” botnet of connected computers controlled by hackers to push out the millions of fake messages required to flood the targeted server. A botnet based on the Mirai malware source code was also used to perform the DDoS attack that targeted security researcher Brian Krebs’ blog, “Krebs on Security,” as well as OVH, a French internet service and hosting provider. According to a report from Flashpoint, hacker and Mirai trojan malware software developer “Anna_Senpai,” the botnet orchestrator behind the huge Krebs DDoS attack, released the Mirai malware source code online to the hacker community earlier this month. Since the Mirai malware source code has now surfaced in the wild, copycat hackers are free to use the Mirai malware software download to build their own botnets and launch similar DDoS attacks over the Internet.

Dyn provides Domain Name System (DNS) services for select regions of our vast Internet, acting as a digital address book. Essentially, the DNS is a decentralized network of files designed to pair the domain names that Internet users access with numeric Internet Protocol (IP) addresses. This allows computers to navigate to sites across the Web. “If you go to a site, say yahoo.com, your browser needs to know what the underlying Internet address that’s associated with that URL is. DNS is the service that does that conversion,” chief technology officer for Intel Security Steve Grobman said Friday. The FBI and Homeland Security are deeply investigating the Dyn DDoS attack and the people behind it. “We didn't do this to attract federal agents, only test power,” alleged New World Hackers members “Prophet” and “Zain” said in a direct message to AP over Twitter. While the Dyn DDoS attack Friday inconvenienced many Web users who were trying to access their favorite Websites, what’s most troubling about this recent cyberattack is how easy it is to execute, even for newbie hackers.

This major distributed denial of service attack is proof of just how vulnerable the Internet is, no matter how complex and secure it may appear on the surface. When asked if the New World Hackers group had any demands of the sites it hijacked, such as blackmail money, another purported member named “Ownz” told AP, "We will make one demand actually. Secure your website and get better servers, otherwise be attacked again." In light of the recent DDoS attack, do you think the New World Hackers did Dyn a huge favor by exposing the Internet’s vulnerability? Let us know what your thoughts are in the comments below. 
