Are YOU at risk? Experts fear spike in hacking after code used in one of the largest cyber attacks in history is released

  • The 'Mirai' malware code was published online on a hacker's forum 
  • It was responsible for a huge attack last month, one of the largest seen
  • Mirai spreads to unprotected devices, recruiting them to carry out hacks  
  • The code can turn unsecured devices, including web cameras, routers, phones and other hackable internet-connected devices, into ‘bots’

Web security analysts have warned of a flood of online attacks from hackers after code for a bot used to carry out a huge hack was published online.

The code, which can turn unsecured devices such as web cameras, routers, phones and other hackable internet-connected devices into ‘bots’, could be used to target websites, knocking them offline.

Called ‘Mirai’, the code is believed to be behind last month’s landmark attack on security website Krebs On Security.

Security experts have warned of a wave of online attacks after hackers published malware code behind a huge DDoS attack in an online forum. Called ‘Mirai’, the code is believed to be behind last month’s landmark attack on security site KrebsOnSecurity


WHAT IS A DDOS ATTACK?

A DDoS or distributed denial-of-service attack is used to target a specific machine, server or website.

This is accomplished by flooding the chosen machine, server or website with simple requests for information in order to overload it and prevent it from being used.

Hackers use 'botnets' to do this - networks of devices that they bring under their control.

They do this by getting users to inadvertently download software, typically by following a link in an email or agreeing to download a corrupted file.

These botnets are then used to bombard the servers with requests, carried out simultaneously, causing them to become overwhelmed and shut down.

Security expert and author of the blog, Brian Krebs, highlighted the publication of the code, which was posted on a hackers' forum last week.

He warned of the potential for a huge hike in attacks by ‘internet of things’ (IoT) devices, which could be used to bombard websites with requests, overloading them and effectively shutting them down.

These so-called DDoS (distributed denial of service) attacks have previously been used to take out websites, with the UK ranked as the second most targeted nation, after the US.

DDoS attacks involve flooding a machine, server or website with simple requests for information until it becomes overloaded and unable to function.

By harnessing vulnerable internet-connected devices - enslaving them and making them contact a central server, or botnet - hackers can greatly boost the strength of an attack without the owners' knowledge.

Last month's DDoS attack swamped Krebs On Security by sending a huge 620 gigabits of data every second, which is more than enough traffic to take down most websites.

According to KrebsOnSecurity, the Mirai malware 'spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords'. 
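Because the spread described above relies on continuous scanning, an infected device shows up in network flow logs as an internal host opening telnet connections to many different Internet addresses in a short time. The Python detection logic below is an added example, not code from the article or from any product it mentions; the flow-record format, the port set (23 and 2323), the window, the threshold and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # assumption: telnet plus a common alternate telnet port
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 192.168.1.50 198.51.100.7 23
1004 192.168.1.50 198.51.100.8 23
1009 192.168.1.50 203.0.113.15 2323
1013 192.168.1.50 203.0.113.99 23
1020 192.168.1.50 192.0.2.44 23
1031 192.168.1.50 192.0.2.45 23
1002 192.168.1.20 198.51.100.7 443
1040 192.168.1.20 203.0.113.5 23
1005 192.168.1.30 192.168.1.1 23
1100 192.168.1.40 198.51.100.1 23
1400 192.168.1.40 198.51.100.2 23
1700 192.168.1.40 198.51.100.3 23
garbage line here
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (int(parts[0]), ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def find_telnet_scanners(text, window=60, min_targets=5):
    """Map internal host -> most distinct external telnet targets in any window."""
    per_src = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        # Only outbound telnet counts: internal source, external destination.
        if port in TELNET_PORTS and is_internal(src) and not is_internal(dst):
            per_src[str(src)].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        start, best = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged
```

On the constructed sample, only the host that contacts six external addresses within one minute is flagged; the occasional telnet user, the host talking to the local router, and the slow host stay below the threshold.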

The identity of the hacker behind the malware source code is unknown, but the person posting the code by the username of 'Anna-senpai' claimed to have used it to recruit hundreds of thousands of bots.

By harnessing vulnerable internet connected devices - enslaving them and making them contact a central server - hackers can greatly boost the strength of an attack 


In an online statement, the hacker said that countermeasures have made a dent in the effectiveness of the malware as websites have started 'cleaning up their act', but it still recruits huge numbers of devices.

Writing on the forum, they said: 'When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO [get the f*** out]'.

They added: 'I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. 

'However, after the Kreb DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.'

Analysts warn that thanks to malware such as Mirai, millions of vulnerable web-connected devices could be under the control of hackers and used by botnet servers to carry out online attacks.

Tony Anscombe, of security software firm Avast, told MailOnline: 'Every device connected to the internet is a potential route for hackers...so it’s important these devices are secured in the appropriate way.

'The starting point for this is that people should always complete software updates when made available from the device manufacturers.

'Secondly, always secure devices with login and password details that are not the default ones which were sent with the device. Hackers are abusing these devices by running malware on them which targets the manufacturer’s default password and login details.'  

He added: 'Thirdly, if it's available for your devices, get the latest security product installed which can stop attacks before your device is made vulnerable.'

THE BIGGEST ATTACK EVER?

The attack against KrebsOnSecurity began around 8 PM ET on 20 September, and initial reports put it at approximately 665 Gigabits of traffic per second bombarding the site.

Martin McKeay, a senior security advocate at Akamai, said the largest attack the company had ever seen before, which was earlier this year, was 363 Gbps.

Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but this is many orders of magnitude more traffic than is typically needed to knock most sites offline.

The biggest chunk of the attack came in the form of traffic designed to look like it was generic routing encapsulation (GRE) data packets.

'Seeing that much attack coming from GRE is really unusual,' Mr McKeay said.

'We've only started seeing that recently, but seeing it at this volume is very new.'  
