What is the background to how three teenage boys built the malware "Mirai", which is said to be capable of executing an "unprecedented level" DDoS attack?



One type of malware, Mirai, turns computers running Linux into remote-controlled bots that can be used as part of large-scale network attacks. Mirai has been reported to have been used in large-scale and destructive DDoS attacks. IEEE Spectrum, the magazine of the American professional body IEEE (Institute of Electrical and Electronics Engineers), has explained how the three people behind Mirai came to build it.

The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum
https://spectrum.ieee.org/mirai-botnet



Born and raised in Fanwood, New Jersey, Paras Jha has been familiar with computers and coding since childhood. He also gained experience working to minimize the damage caused by DDoS attacks, and on the basis of that experience he later founded 'ProTraf Solutions', a DDoS mitigation service.

Jha, who was a first-year student at Rutgers University at the time, was dissatisfied with the system that allowed seniors to register for popular classes preferentially. So, in November 2014, Jha launched a DDoS attack against Rutgers University's systems and disrupted course registration. In March 2015, Jha again conducted a DDoS attack against Rutgers University, leaving about 50,000 students and faculty members unable to access the university's computers and networks for four days.

Jha claimed that "Rutgers University has introduced a low-quality provider like Incapsula as its DDoS countermeasure" and pressed the university to adopt the service of ProTraf Solutions, the company he himself had founded. Jha went on to conduct DDoS attacks on Rutgers University several more times.

Isolated at the university, Jha dropped out of Rutgers University in his sophomore year and, together with fellow hackers Josiah White, who was then working on DDoS countermeasures, and Dalton Norman, came into conflict with the prominent DDoS attack team 'VDoS'.



The DDoS attack team 'VDoS' was an organization made up of teenagers based in Israel, and it operated a 'booter', a DDoS-for-hire service that performs DDoS attacks against target sites for payment.

In Jha's group, Norman found software vulnerabilities, White built the botnet malware that exploited them, and Jha developed the software to manage the botnet; meanwhile their rivalry with VDoS deepened.

Around the same time, VDoS partnered with another DDoS attack group called Lizard Squad to form a new group called PoodleCorp. PoodleCorp succeeded in building a huge botnet out of 1,300 hacked vulnerable webcams, capable of sending record traffic of 400 gigabits per second at its targets.

With PoodleCorp's botnet attracting attention, Jha and his group finally completed their own botnet malware, 'Mirai'. Mirai, named after the anime Mirai Nikki, is malware that infects IoT devices such as vulnerable internet-connected video cameras and devices that expose the outdated remote login protocol Telnet. Once it had spread around the world, Mirai was operated remotely through the C&C (command and control) server developed by Jha and used to perform DDoS attacks. Additionally, Mirai-infected devices continue to scan for other vulnerable devices even when they are not attacking a target, which keeps increasing the number of infected devices.

Mirai spread rapidly after its release, infecting about 65,000 devices in the first 20 hours and then doubling in size every 76 minutes thereafter. The number of devices eventually infected is said to have reached about 500,000.
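The continuous scanning described above is also what makes an infection visible from the network side: one host fanning out to many distinct addresses on the Telnet ports. The following detector is an added example written for this article (it is not code from IEEE Spectrum, GIGAZINE or Mirai itself); the log format, IP addresses and the fan-out threshold are constructed assumptions.

```python
"""Flag hosts showing Mirai-style Telnet scanning in connection logs.

Added illustration, not the article's or Mirai's own code. Mirai-infected
devices keep probing other addresses on the Telnet ports looking for new
victims, so a single source reaching many distinct destinations on those
ports is a strong propagation signal. Log format and values are constructed.
"""
from collections import defaultdict

TELNET_PORTS = {23, 2323}   # Telnet ports commonly probed by Mirai-style worms
FANOUT_THRESHOLD = 20       # distinct targets per source that trigger an alert (assumed)

# Constructed flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = "\n".join(
    [f"2016-09-20T10:00:{i:02d} 10.0.0.7 198.51.100.{i} 23" for i in range(25)]
    + [f"2016-09-20T10:01:{i:02d} 10.0.0.7 203.0.113.{i} 2323" for i in range(5)]
    + ["2016-09-20T10:02:00 10.0.0.9 192.0.2.10 443",
       "2016-09-20T10:02:01 10.0.0.9 192.0.2.10 443",
       "2016-09-20T10:02:02 10.0.0.11 192.0.2.50 23"]
)

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[1], parts[2], int(parts[3])

def telnet_scanners(text, threshold=FANOUT_THRESHOLD):
    """Return {src: distinct_telnet_targets} for sources at or above the threshold."""
    targets = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port in TELNET_PORTS:
            targets[src].add(dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}

if __name__ == "__main__":
    for src, n in telnet_scanners(SAMPLE_LOG).items():
        print(f"possible Mirai-style scanner: {src} probed {n} hosts on Telnet ports")
```

A single Telnet connection from 10.0.0.11 stays below the threshold, while 10.0.0.7 is flagged for reaching 30 distinct hosts.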



Following the expansion of DDoS attacks by Jha's group and PoodleCorp, the cybercrime squad of the Federal Bureau of Investigation (FBI) continued to investigate the members of the then-prominent PoodleCorp. Then, on September 8, 2016, the FBI, together with Israeli police, arrested members of PoodleCorp, effectively disbanding the group.

With its rival gone, Jha's group skillfully evaded the FBI investigation, and at the same time, in late September 2016, almost all of Mirai's source code was released on a forum frequented by hackers. Publishing malware source code online is not uncommon: if the author is arrested by the FBI or another agency, they can claim that they merely downloaded the code from the Internet.



After Jha and his colleagues released the source code online, Mirai began to be used for DDoS attacks by other hackers, and the provider Dyn was attacked. The massive DDoS attack against Dyn resulted in intermittent outages for its customers, including Twitter and the PlayStation Network.

In 2017, an FBI investigation led to the arrest of Jha and his group. However, Jha and the others pleaded guilty and expressed remorse, and because they had helped investigate more than a dozen cases at the request of law enforcement agencies, instead of the 10-year prison term they faced, each was sentenced to five years of probationary supervision.

It turns out that the hackers arrested for creating the malware 'Mirai', which caused an 'unprecedented level' DDoS attack, were cooperating with the FBI - GIGAZINE



In addition, the three were ordered to perform a total of 2,500 hours of community service, pay $127,000 (about 17 million yen) in restitution, and cooperate with the FBI. Since then, Jha and his colleagues have hunted down criminals using the Mirai they released, contributing to law enforcement activities and to the prevention of DDoS attacks.

in Security, Posted by log1r_ut