It was October 21st, 2016 when a crippling blow to Earth's internet backbone was delivered. Millions, if not billions, of internet users experienced uncanny internet speed slowdowns; some experienced a complete halt of services altogether. Widespread panic ensued, as nobody, not even the world's top cyber security experts, knew exactly what was going on. For a couple of days, the world was at the mercy of an attack unlike any other: Mirai.
Long story short: Mirai was the world's largest botnet ever conceived. It targeted small, unsecured internet-capable devices. Once Mirai took control by exploiting these devices and turning them into "bots", it would mercilessly send data packets to a common target - in this case it was Dyn, a large "backbone" that helped funnel internet traffic from all across the globe to get it where it needed to go. What made this particular network deadly was the sheer number of devices vulnerable to Mirai's exploits - and NOBODY initially knew how to stop it. Or... couldn't. It was QUITE the scare. People thought it was a nation actor waging a cyber war against the United States - Was it the Russians? The Chinese? Did North Korea actually manage to bear its paper fangs? Perhaps the most shocking aspect of this attack was that it wasn't at all a political act. It was a group of college students, right here in the United States, motivated by... video games. VIDEO GAMES! The entire purpose of this attack (they never realized how massive it would eventually become) was to cause a slowdown for players of online video games, so the player would have an unfair advantage and win by default. That's it.
Take a moment and sit back, and realize the entire world was brought to a standstill. For a f**** video game.
Now, what I found to be really interesting, however, isn't the size, motivations, or mechanics of Mirai, but how a counter defense was put into place to "battle" Mirai: Enter Nematode.
Nematode is a bit different than Mirai - Instead of an army of zombified computers controlled from one central location, Nematode is a "worm" - Meaning it autonomously penetrates a device, delivers a payload, and spreads around through methods similar to Mirai. What makes it so interesting, however, is that it was designed to attack Mirai and shut it down from each device infected!
Imagine it: You have an infected Mirai-controlled device. From the same vulnerability, Nematode makes its way inside, "fights" Mirai and shuts it down, and copies itself into other infected devices. It's a rapid game of cat-and-mouse, being fought completely online, with little to no human intervention. Incredible, right?
It's made me nerd out so much that this song comes to mind! FYI, if you've ever seen the movie Hackers, you would know EXACTLY what I'm referencing here ;)
So there you have it: A massive online botnet attack, and a worm chasing and shutting it down, one victim at a time. It's all online, all automated, all silent. Is it still happening? I sure hope not. But it's an incredible thought to think of.
Thanks for reading! If you have any suggestions or tips, please feel free to comment below!
What one can learn from this old Internet war story: centralization is bad and de-centralization is key to success.
Dyn marketed themselves as a DNS and (!) DDoS protection company. Those using their services went black; those who did not remained online. If you rely on one upstream, on one company, it's bad. I had a good laugh when a Dyn representative tried to sell services to me after that event.