Mirai botnets: the vanishing upper limit of DDoS attacks.

There is a lot of blame to go around in the aftermath of the Dyn DDoS attack on Oct 21st. A good chunk of the bots look like Internet of Things (IoT) devices that were recruited by the Mirai botnet code. Mirai has dropped the traditionally high costs of building a botnet to near zero which means we’re seeing progressively larger and more effective DDoS attacks each week.

Sucuri discovered the first IoT botnet using CCTV devices in June. It was not long after that we started to see significantly larger DDoSes occurring and breaking all existing records for DDoS volume to date.

Why is Mirai such a big deal?

Hacker Mirai botnetAs I eluded to in the introduction, the cost of building a botnet used to be high. All those spam and phishing emails we’ve become numb to over the years were part of that effort. Hackers had to painstakingly trick each of us to click a malicious link which installed their malware on our (usually Windows) PC. It would take thousands of emails to get one or two suckers to click the link. It often took months to build a really powerful botnet with hundreds or thousands of zombie computers. And once it was built, it had to be carefully guarded to ensure it did not get dismantled by anti-virus software and other measures.

The reason this was so hard is because it was a person-against-person attack. Hacker guy had an agenda to trick you into clicking the link and you had a very good reason to not do that. That is why it took so many attempts to net one or two clicks. These IoT botnets are a different beast altogether. It’s smart humans against painfully dumb machines that have no way to even know what is happening to them, much less any sentient desire to protect themselves. The most significant contributing factor is the sheer number of these devices that are deployed with the factory username and password which means they may as well have no authentication system at all.

Mirai makes composing a botnet of 10s of thousands of devices even easier by automating the process. Mirai will even find the devices out on the Internet. So, now we have a situation where millions of dumb devices can be successfully exploited en masse within a short time frame. It’s the perfect storm.

Why was the Dyn DDoS attack significant?

Continue reading “Mirai botnets: the vanishing upper limit of DDoS attacks.”

A primer on your phone, I mean…your website.

The world of things is grouped into three categories for me. There’s things I know, things I don’t know, and things that in order for me to understand they even exist you’d have to go back to the Big Bang to give me enough context to get a grip on. I think that most of us think that most people know what we know, or at least have enough context to get up to speed pretty quickly. Recently, however, I find myself talking to a lot of end-user website owners and I’ve come to realize that is not so. I’ve had to have many Big Bang conversations with website owners in order to explain what I felt were pretty fundamental pieces of the Internet. So, I thought I’d try to lay out the basic things that I think everyone that owns a website needs to know.


Many of the people that cross my path daily are legitimately trying to understand all the moving parts of their website; but there is a sub-community that promotes willful ignorance as well. In some circles it has become chic to be incompetent with technology. We wouldn’t dream of saying things like “I take my car to work but I have no bloody idea how to drive” or “Lawnmower? Not a clue how it works, when it runs out of gas I just throw it out and buy a new one because I have no idea where the gas goes in”. But it is somehow OK, and in fact fashionable, to say “my website? Not a clue how it works. When it stops working I just scream and yell at random people until someone fixes it”.

So here’s my attempt to help.

Continue reading “A primer on your phone, I mean…your website.”