Trusted Reviews may earn an affiliate commission when you purchase through links on our site. Learn More

Hacker releases code for huge IoT botnet

A hacker has released the source code for a botnet that’s capable of commandeering victim’s internet-connected devices to launch denial of service attacks.

The release was flagged by security researcher Bryan Krebs, who has a particular interest in the ‘Mirai’ botnet, as it was behind a huge attack on his site KrebsOnSecurity last month. Krebs described the attack as “among the biggest assaults the Internet has ever witnessed.”

The source code was posted by a user with the name of ‘Anna-senpai’ on the site Hackforums, along with claims that the botnet previously commanded nearly 400,000 IoT devices via telnet. The poster added that its potential reach was falling, however, as internet-connected devices and the platforms they run on come under closer scrutiny for secuirty holes.

In essence, what the botnet does is go after IoT devices connected to the internet but using default security settings. The good news is that the fix is simple enough – you normally just need to reboot the device. The bad news is that there are now multiple competing botnets all trying to hijack the same devices in similar ways, so you could well be compromised again just a few minutes after rebooting.

The extra kicker of misery is that it’s now freely available to download by anyone, and that more internet-connected devices are coming online unsecured each day.

While posited by ‘Anna-senpai’ as an altruistic move by a hacker ‘getting out of the game,’ Krebs suggests that the reason behind releasing the source code now is likely to be a whole lot more practical.

“Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home. Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants,” Krebs wrote.

Now’s a good time to go and change those default security settings on any new connected devices you’ve added to your home recently.

Related: Atari changes its game to embrace the Internet of Things

Watch: The Refresh: The best tech gossip and reviews each week

(video id: 5017451818001)

Do you worry about the security of your internet-connected devices at home? Let us know in the comments below!

Unlike other sites, we thoroughly review everything we recommend, using industry standard tests to evaluate products. We’ll always tell you what we find. We may get a commission if you buy via our price links. Tell us what you think – email the Editor