Back in August 2016, a research group of IT professionals discovered a malicious software called Mirai. This malware joins the long list of viruses used by hackers to perform cyber attacks. Although you might think nothing of it, chances are: you probably should. Indeed, a few days ago, cyber experts detected a new variant of Mirai mining Bitcoins. Simply put, hackers have found an easy way to use your electricity for their own profit.
Botnets: the cornerstone to large scale cyber-attacks
Using malwares such as Mirai, hackers can remotely take control of a device and turn it into their servant, called a bot. By repeating the same procedure thousands (millions?) of times, they end up creating large networks of bots, the infamous botnets.
A typical large scale use case of botnets is called DDoS attack (Distributed Denial of Service). By ordering a botnet to make repeated requests on a few critical servers, hackers can render certain websites inaccessible. This is exactly what happened on October 21st 2016, when hackers used Mirai to take down very high profile websites such as Twitter, Netflix, Reddit and many others.
Unfortunately, such attacks are not exactly uncommon: viruses are readily available on the web and surprisingly easy to use. Consequently, myriads of inexperienced technology enthusiasts (called “script kiddies”) regularly download malwares and play at being hackers with more or less success.
However, Mirai represents more than just another virus. It embodies a new worrying trend.
The Internet of Things (IoT)
Until recently, experts have mostly focused on securing regular laptops and computers. This is the reason why cyber-security actors constantly encourage consumers to update operating systems and to use up-to-date anti-viruses. As a consequence, computers are relatively well protected. Although virus infections do happen, educated computer users are usually prompt to identify infections and to react accordingly.
Paradoxically, computers do not represent the majority of connected devices anymore. The amount of devices, such as smartphones, televisions, tablets, cameras, routers, cars, heaters and even smart toasters, is surging. The inter-networking of these objects is called the Internet of Things (IoT). By 2020, experts expect the IoT to consist of 50 billion objects, a number far bigger than the number of computers.
Mirai and the weaponization of IoT devices
As you can imagine, the IoT is an incredible opportunity for hackers. By essence, IoT devices are connected to the internet, are available in great numbers and are unfortunately more vulnerable to hacking than computers. Consequently, hackers have developed new technologies to exploit this gold mine.
Mirai is one of these technologies. It is designed to turn widely spread mobile devices (mainly smart cameras and home routers) into botnets, to launch very large scale DDoS attacks. Regrettably, Mirai is not just very successful. Its source code is also readily available on the web. This may be why a few hackers decided to use it as an opportunity to run proofs of concepts. For instance, hackers have recently updated Mirai to mine Bitcoins, a famous crypto-currency. With this variant, they are now able to turn your mobile devices into clusters that literally pours money into their own wallet, whilst you pay for the electricity.
Fortunately, cameras and routers do not offer a lot of computing power at the moment. Therefore, it is very unlikely anyone will get rich at your expense. However, being a victim of such an attack is undeniably a very unpleasant experience.
Detecting infected devices and protecting yourselves against malwares
It can be very difficult to detect infected mobile devices. Typical signs include:
- Worse than usual device performance
- Surprisingly increased internet bandwidth consumption
- Unusually high electricity bill at the end of the month.
If you have a doubt, restart the suspicious device. If it works fine to begin with and slows down significantly after a few minutes, a malware using the device’s computing capabilities may be the cause.
Whether you own an infected device or not, a few simple steps will help avoid any problem. To proactively protect yourself against cyber threats, I would recommend to:
- Use your routers to identify all the mobile devices connected to your network
- On all your mobile devices you find, change the default user IDs and passwords (including routers)
- Update the firmwares and software of your devices on a regular basis, if possible
- Ensure your home network is properly secured (you may want to look for help on specialised websites and forums)
- In doubt contact your manufacturer for support.
In any case, always keep in mind two things. First: although they can be harmful, the vast majority of hackers are incompetent. They mostly run malicious software they find online and they rarely have the technical ability to adapt and run elaborate attacks. Second, hackers automate their actions and need thousands of devices to do anything useful. This implies that they focus on low hanging fruits and give up as soon as they face some sort of resistance.
The bottom line is: if your devices are more secured than usual and resist the initial hacking attempts, you are safe. Whether they do not have the patience or the technical skills to take control of your devices, there is a good chance they will just ignore you and move on.