

Twitter Account Shows Mirai Botnets Using Your Security Camera In Cyber Turf War

Huge armies of infected devices are attacking everyone. Even each other.
Janus Rose
New York, US

In the wake of a major cyber attack that blocked access to popular websites along the East Coast on Friday, security researchers have created a Twitter account that posts live updates of ongoing distributed denial-of-service (DDoS) attacks being launched by massive armies of smart devices compromised by malware known as Mirai.

The account, called Mirai Attacks, includes updates showing the IP addresses being targeted by the zombie botnets bearing the malware's digital signature, which currently include over half a million infected Internet of Things devices like security cameras and smart TVs. The compromised devices were partly blamed for a large attack on Friday that targeted key infrastructure supporting the internet's Domain Name System (DNS), resulting in outages for popular sites including Twitter, Reddit, and Etsy.

The Twitter account uses data compiled by researchers known as MalwareTech and 2sec4u, who have been mapping the spread of the malware ever since it was found responsible for a record-breaking DDoS attack against the website of cybersecurity reporter Brian Krebs. Following that attack, a hacker named Anna-senpai released the malware source code for free through a criminal hacking forum, presumably to cover their tracks as the attacks began making headlines. The malware is designed to scan for security cameras and other internet-connected "smart" devices that are still using their default passwords.

It's still unclear who is behind the attacks, and several distinct Mirai botnets have emerged since the malware's release. According to the researchers, the botnets have even been observed attacking one another, in some kind of bizarre cyber-dystopian turf war.

In any case, it's probably a good idea to change the passwords on all your Internet of Things devices—or preferably keep them offline altogether.