The source code used to coordinate the biggest ever distributed denial-of-service (DDoS) attack has been released into the wild, potentially letting crooks use the tool to attack any website they wish and knock it offline.
The tool was first seen last week when security researcher Brian Krebs revealed that his site was hit by a huge 620Gbps attack, far larger than the previous biggest attack of 363Gbps.
It appeared to be in retaliation for Krebs uncovering the identity of those behind the vDOS DDoS service early in September.
Soon after, a French hosting firm called OVH was hit with an even bigger 799Gbps DDoS.
Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the simultaneous DDoS are close to 1Tbps ! pic.twitter.com/XmlwAU9JZ6— Octave Klaba / Oles (@olesovhcom) September 22, 2016
It was established that the attacks used insecure Internet of Things (IoT) devices, such as routers, cameras and digital video recorders, to generate the huge attack levels.
This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn.— Octave Klaba / Oles (@olesovhcom) September 23, 2016
The code used to run the attack, dubbed Mirai, has now been released on the Hackforms website, where the hacker touted the ability of the tool to generate huge DDoS attacks.
“Today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone,” the hacker with the alias Anna-senpai wrote.
However, the hacker acknowledged that since the report of the huge attack came to light, network carriers are fighting back against the use of IoT devices to mount the attacks.
“After the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping,” the hacker said.
Nevertheless, the release poses huge concerns for website owners, as Krebs explained that it now means anyone can use it to generate huge DDoS attacks.
“[It] virtually guarantee[s] that the internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices,” he said.
Krebs also warned that owners of insecure IoT devices will be affected by the release.
"My guess is that there will soon be many internet users complaining to their ISPs about slow internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth," he said.
The impact on websites could be huge as it opens up the risk that anyone with a grievance against a website could have it taken offline, by using the tool themselves or paying a hacker to do it for them.
"These weapons can be wielded by anyone - with any motivation - who’s willing to expend a modicum of time and effort to learn the basic principles of its operation," wrote Krebs last week.
Furthermore, mitigating against DDoS attacks is not easy. Network providers often have to bear the brunt before passing the costs on to customers. Security firm Akamai had to end its free DDoS protection to Krebs owing to the size of the attack on his website.
The rise of large DDoS attacks comes amid even more dire warnings from renowned security expert Bruce Schenier that an unknown group appears to be stress testing core internet infrastructure using DDoS attacks.
"It feels like a nation's military cyber command trying to calibrate its weaponry in the case of cyber war," he said.
Ultra-high-end all-in-one PCs from HP feature either 24-inch or 27-inch displays
Roomba 'smart' vacuum cleaner company iRobot plans to sell maps of users' homes to Apple, Amazon and Google
'Smart' products spying on their owners and selling the data for profit? Who'd have thought it!
TNT Express still struggling with NotPetya malware - crucial documents remain locked up in borked systems as staff grapple with manual procedures
TNT depots over-flowing with parcels as the company struggles to recover from NotPetya - while Reckitt Benckiser reports 'ongoing' recovery
Full roll-out of Android O expected within weeks