large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Hacker releases code for huge IoT botnet

A hacker has released the source code for a botnet that’s capable of commandeering victim’s internet-connected devices to launch denial of service attacks.

The release was flagged by security researcher Bryan Krebs, who has a particular interest in the ‘Mirai’ botnet, as it was behind a huge attack on his site KrebsOnSecurity last month. Krebs described the attack as “among the biggest assaults the Internet has ever witnessed.”

The source code was posted by a user with the name of ‘Anna-senpai’ on the site Hackforums, along with claims that the botnet previously commanded nearly 400,000 IoT devices via telnet. The poster added that its potential reach was falling, however, as internet-connected devices and the platforms they run on come under closer scrutiny for secuirty holes.

In essence, what the botnet does is go after IoT devices connected to the internet but using default security settings. The good news is that the fix is simple enough – you normally just need to reboot the device. The bad news is that there are now multiple competing botnets all trying to hijack the same devices in similar ways, so you could well be compromised again just a few minutes after rebooting.

The extra kicker of misery is that it’s now freely available to download by anyone, and that more internet-connected devices are coming online unsecured each day.

While posited by ‘Anna-senpai’ as an altruistic move by a hacker ‘getting out of the game,’ Krebs suggests that the reason behind releasing the source code now is likely to be a whole lot more practical.

“Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home. Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants,” Krebs wrote.

Now’s a good time to go and change those default security settings on any new connected devices you’ve added to your home recently.

Related: Atari changes its game to embrace the Internet of Things

Watch: The Refresh: The best tech gossip and reviews each week

(video id: 5017451818001)

Do you worry about the security of your internet-connected devices at home? Let us know in the comments below!

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.