“Mirai” is the name of the malware that keeps security experts around the world for weeks. In September, she was the technical base for attacks on the websites of security researchers, in October, they served large portions of the Internet address management in the USA and Europe are lame. Now it is the vehicle for the attack, the customers from the Internet, shot in the past two days, the DSL Router 900,000 Telekom.
Mirai is the tool of the Telekom-Router-Hacker – who used the Software, is unknown. German Chancellor Angela Merkel even declared on Tuesday at a press conference in Berlin: “I have no knowledge of the origin of the attacks on the Telekom network.” Also, the Federal office for information security (BSI ) has no new evidence on the origin of the perpetrators.
This is not surprising, because Mirai is a tool that can be used for any reasonably talented Hacker. The original programmer of the malware originate in all probability from Russia. This is known as in the source code of the program snippets emergence of the Russian language. According to an analysis by security researchers of US-provider Incapsula, the Mirai programmer profess your Lust for Chicken Nuggets. This suggests that the Mirai was built by young people because of the secret service professionals.
A kind of Blank-attack tool
But since the beginning of October, the Code of the malicious software is available as a free Download. The Mirai-programmers are blurring, thus, their tracks, because now, potentially, any moderately talented Hacker may build his own cyber weapon attacks can no longer simply assign.
Mirai is a modular system – a kind of Blank-attack tools for mass attacks on the Internet. The Software is designed to devices in the Internet of things to attack and take control of you. At the end of September, an unknown Hacker used the tool for the first time on a larger scale, to take control of hundreds of thousands of IP cameras from the Chinese manufacturer XiongMai and to summarize the devices of a Zombie network, called a botnet, together. Since then, the tool served as a vehicle for attacks.
In the case of the attack on the Telekom Router has been modified to Mirai so that the Software exploited a vulnerability in the remote maintenance interface of the Telekom. This was only possible due to the perpetrators have not managed to install their malicious software on the Telecom routers. According to an analysis by security researchers from Symantec, restarting the Router is enough to delete the Software from the memory of the devices, then users can install a security update.
However, although the perpetrators made this error were not Amateurs at work, says of the IT-forensics, Uwe Kissmann from Accenture: “This attack was directed against millions of routers worldwide, the Telecom customers were only the most prominent victims. An attack of this size to have the offender access to their own infrastructure. Probably they used a smaller botnet from tens of thousands of devices, in order to spread their malicious software. Such botnets, however, it is now on hacker forums as a service by the hour to rent." But the origin of the Telekom will remain the attack for the time being in the dark.
Telekom groping more in the dark
Since more than 500,000 users of a critical infrastructure is, as such, the DSL network of the telecommunications of the attack were affected, you must now take IT experts of the Federal criminal police office together with the security researchers from the German Federal office for security in information technology the investigation.
as before, the Telekom in the dark in the identification of the perpetrator. “We don’t know it simply,” said a spokesman. Currently, the group is considering a criminal complaint against Unknown. Also, Hesse’s justice Minister Eva Kühne-Hörmann calls for the need to proceed swiftly. “This attack is in need of a quick legal answer. The perpetrators must know that such actions and, in particular, the related preparatory acts are punishable," she said. In addition, the law enforcement needed to be strengthened authorities for the fight against Internet crime. These intervention options, which are the latest technical development. The Minister of justice is pushing for a fast implementation of the Hessian-botnet Initiative, a proposal to the Federal government and the Bundestag. The bill would make the hijack computers of unsuspecting users as the “digital trespass” under penalty.
The Minister of justice is pushing for a fast implementation of the Hessian-botnet Initiative, a proposal to the Federal government and the Bundestag. The bill would make the hijack computers of unsuspecting users as the “digital trespass” under penalty.