Do you remember on October 21 being unable to access big websites like Netflix, Twitter or Reddit?
I 'member.
The culprit was a straightforward but extremely effective malware called Mirai (me-rye), Japanese for "future."
So what the heck did it do? How did it lock down such successful websites?
That's our TechTranslation topic. Class is in session.
The short explanation
Mirai had help with the attack from another malware known as BASHLITE. They operate similarly, so let's focus on the former.
Basically, the software constantly scans the web for internet-connected machines. It prefers less obvious targets like the router in your closet or security cameras. Some internet addresses are off-limits, like the Department Of Defense.
Once a new target is found, it tries logging in with a list of over 60 default usernames and passwords, something like "admin" and "password." After getting inside, Mirai takes over and multiplies, infecting several hundred thousand machines globally. The network of infected computers (AKA a botnet, each machine being a zombie) waits until commanded by its owner(s) to bombard targets with web traffic.
Imagine the mall on Black Friday: complete chaos, no empty parking spots. In this case, the mall was an internet company called Dyn.
Dyn is a major domain name system (DNS) service provider. That's the service your computer uses to look up where a web address actually lives. The Mirai botnet basically took all the parking spots, leaving us normal folks unable to visit the mall.
This kind of attack is known as a Distributed Denial of Service (DDoS).
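As an added example (not from the original article), here is how someone running a small network could spot the default-password guessing step from the short explanation above in a router's login log. The key=value log format, the handful of default logins and the log lines themselves are all assumed or constructed for the example.

```python
"""Flag Mirai-style default-credential login sweeps in a device's telnet log."""
from collections import defaultdict
from datetime import datetime, timedelta

# A handful of the factory logins Mirai is known to cycle through
# (assumed sample; the real list has over 60 pairs).
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "root"),
                 ("root", "12345"), ("admin", "1234")}

# Constructed log lines in an assumed "key=value" format, not from a real device.
SAMPLE_LOG = """\
2016-10-21T11:02:01 telnet login src=203.0.113.7 user=admin pass=admin result=fail
2016-10-21T11:02:02 telnet login src=203.0.113.7 user=root pass=root result=fail
2016-10-21T11:02:03 telnet login src=203.0.113.7 user=admin pass=password result=fail
2016-10-21T11:02:04 telnet login src=203.0.113.7 user=root pass=12345 result=success
2016-10-21T11:05:30 telnet login src=198.51.100.9 user=alice pass=Tr0ub4dor result=success
2016-10-21T11:06:10 telnet login src=192.0.2.44 user=admin pass=1234 result=fail
"""

def parse_line(line):
    """Turn one log line into a dict: timestamp, source IP, (user, pass), success."""
    parts = line.split()
    fields = dict(kv.split("=", 1) for kv in parts[3:])
    return {"ts": datetime.fromisoformat(parts[0]), "src": fields["src"],
            "cred": (fields["user"], fields["pass"]),
            "ok": fields["result"] == "success"}

def find_default_cred_sweeps(log_text, window=timedelta(seconds=60), threshold=3):
    """Return {src: {"attempts": n, "compromised": bool}} for every source that
    tried at least `threshold` known default logins within `window`.
    A real user mistyping a personal password never enters the count."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event["cred"] in DEFAULT_CREDS:
            by_src[event["src"]].append(event)
    sweeps = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0  # sliding window over the sorted attempts
        for end in range(len(events)):
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                # "compromised": a factory login actually worked, so the
                # device's password was never changed and it is now a zombie.
                sweeps[src] = {"attempts": len(events),
                               "compromised": any(e["ok"] for e in events)}
                break
    return sweeps
```

Run against the sample, only 203.0.113.7 is reported: four factory logins in three seconds, the last one successful, which is exactly the sign that the router in the closet still has its default password.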
Everything else
Seems a lot less complex now, right?
I talk more about password security in a different article and why not to use the same one for everything. If that information is stolen from one site, it just gets added to the list and tried on other sites.
People are lazy. Hackers are no different. Default usernames and passwords are public knowledge and plenty of people don't change them. An attack like this was only a matter of time.
DDoS attacks are a serious problem because of how difficult they are to defend against. The botnet's web traffic seems legitimate and the volume can simply overpower even the biggest companies.
Mirai is out of the bag. Its code was published in hacker forums long before this attack and more people find it every day.
So we're screwed?
Well, sorta. The average Joe isn't much of a target for a coordinated DDoS attack. Joe's real problem is having a Mirai zombie machine and unknowingly contributing to cyber crime.
Don't worry, you won't go to jail. But if you want to be more proactive, here are three quick security tips:
1. Reboot your router and change the default password, please god.
2. Change any password older than one year. It's probably not a secret anymore.
3. Make sure all computers (yes even phones) have antivirus. I like Windows Defender and Sophos mobile.
Thanks for reading! Leave a comment or reach out on social media to discuss with me.
@pjmulroe #MakeSecurityGreatAgain