Investigators say the free tool that briefly blocked access to major websites on Friday was the same one that was used in a record-breaking attack on a cybersecurity journalist.
The security firm Flashpoint reported on Friday that a Mirai botnet, used in late September against reporter Brian Krebs, likely flooded an intersection on the internet with so much traffic that it collapsed. That type of attack is known as a distributed denial of service (DDoS) attack.
The attack hit Dyn, a company that serves as the internet equivalent of a phone book. Without Dyn’s East Coast operations, users were unable to visit sites as large as Twitter.
Mirai gained notoriety after the Krebs attack because of the bandwidth it was able to generate — a record at well over 600 gigabits a second, enough to send the English text of Wikipedia three times in two seconds. Two weeks later, the source code for Mirai was posted online for free.
One computer cannot generate enough internet traffic to cause that much damage. DDoS attackers traditionally hijack thousands of computers and coordinate them as a network of attacking machines, called a botnet, to launch large attacks.
Mirai is one of the new generation of botnet-creating programs that focus on devices like internet-connected cameras that traditionally have far less security than normal computers. Many targeted devices ship with default passwords that cannot be changed.
DDoS attacks are not sophisticated and are not even traditionally considered hacking. The victims' servers are not actually breached; they are simply overwhelmed by a flood of traffic. Because DDoS attacks are easy to set up and launch, they are a favorite technique of activists and malicious pranksters.