This story is over 5 years old.


Criminal Hackers Have Launched a ‘Turf War’ Over the Internet of Shit

The malware behind powerful cyberattacks-for-hire services keeps spreading to new devices.
Image: kirill_makarov/Shutterstock

The mediocre but extremely effective malware that's turning Internet of Things devices into weapons to launch crippling cyberattacks keeps growing, and has now infected almost 500,000 devices, according to a new report.

The malware, known as Mirai, was released online at the beginning of the month, allowing malicious hackers and cybercriminals to create their own Botnet of Things. In around two weeks, the malware has spread to almost all corners of the globe and added 280,000 bots to the approximately 213,000 that were already infected before the public release of the source code, according to Level 3 Communications, one of the world's largest internet backbone providers.


Read more: We Need to Save the Internet from the Internet of Things

In a report published on Tuesday, Level 3 explained that they have been tracking the Mirai botnet for the last few weeks and that they have been to identify several of its command and control servers, allowing them to estimate the reach of the malware. The bad news is that, for now, it seems unstoppable.

"We don't see any end to it," Dale Drew, chief security officer at Level 3 Communications, told Motherboard in a phone interview. "Mirai is definitely growing."

Hackers have been using Mirai to launch large distributed denial of service (DDoS) cyberattacks in the last few weeks. The most famous attack, the one on noted security journalist Brian Krebs, resulted in one of the largest DDoS attacks ever. Mirai spreads by scanning the internet for IoT devices that have easy-to-guess username and password combinations, such as "admin" and "123456", "root" and "password," or "guest" and "guest," among others. It then infects the device and gives the hacker behind the attack full control over the infected device.

"There's a turf war to get the most control over IoT devices."

Mirai is the successor of another similar malware known as BASHLITE, which is still being used. In fact, according to Level 3, criminals are using both of them to target IoT devices, sometimes trying to take over devices already infected with one of the two.


"There's a turf war to get the most control over IoT devices," Drew said.

Moreover, Drew added, given that Mirai's source code is now in the open for everyone to use and modify, there's already some Mirai copycats coming out.

"Since the source code was leaked everyone is starting their own," a security researcher that goes by the name MalwareTech, who has been tracking Mirai, told Motherboard in a Twitter message.

That means the malware can now evolve more quickly and nimbly, given its open source nature. What's worse, given that most of these hacked IoT devices can't be patched remotely and can't have security software like antivirus, it's likely that Mirai and similar IoT-hijacking malware will just keep spreading.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.