ALERT : Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

Someone is trying to take down the whole Internet of a country by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware.

It all started early October when a cybercriminal publically released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslaves them into a botnet network, which is then used to launch DDoS attacks.

The malware behind last month’s massive internet disruption in the U.S. is targeting Liberia with financially devastating results.

This week, a botnet powered by the Mirai malware has been launching distributed denial-of-service (DDoS) attacks on IP addresses in the African country, according to securityresearchers.

 These attacks are the same kind that briefly disrupted internet access across the U.S. almost two weeks ago. They work by flooding internet connections with too much traffic, effectively forcing the services offline.

On Thursday, an employee with one Liberian mobile service provider said the attacks were taking a toll.

“The DDoS is killing our business,” he said over the phone. “We have a challenge with the DDoS. We are hoping someone can stop it.”

The employee declined to have his name published because he was not authorized to speak for his company. The attacks began a few days ago, he said, but not all Liberian internet providers were affected.

“It’s killing our revenue. Our business has been targeted frequently,” he said.

The attack on Liberia was noticed by security researcher Kevin Beaumont, who on Thursday wrote a post about the Mirai-powered botnet responsible.

This particular Mirai botnet is able to generate more than 500 Gbps of traffic, enough to seriously disrupt systems across Liberia, which already has limited internet infrastructure, he said.

“From monitoring, we can see websites hosted in country going offline during the attacks,” Beaumont added.

Hackers have been creating botnets with the Mirai malware ever since its anonymous creator released the source code on a forum in late September.

About 500,000 poorly secured internet devices, including surveillance cameras and DVRs, are estimated to be infected with Mirai.

Just two weeks ago, the Mirai IoT Botnet caused vast internet outage by launching massive DDoS attacks against DNS provider Dyn, and later it turns out that just 100,000 infected-IoT devices participated in the attacks.

Experts believe that the future DDoS attack could reach 10 Tbps, which is enough to take down the whole Internet in any nation state.

One such incident is happening from past one week where hackers are trying to take down the entire Internet of Liberia, a small African country, using another Mirai IoT botnet known as Botnet 14.

Mirai botnet

Security researcher Kevin Beaumont has noticed that Botnet 14 has begun launching DDoS attacks against the networks of “Lonestar Cell MTN “, the telecommunication company which provides the Internet to entire Liberia via a single entry point from undersea fiber cable.

“From monitoring, we can see websites hosted in country going offline during the attacks — Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack,” Beaumont said in a blog postpublished today.

According to Beaumont, transit providers confirm that the attacks were over 500 Gbps in size, but last for a short period. This volume of traffic indicates that the “Shadows Kill” Botnet, as the researcher called it, is “owned by the actor which attacked Dyn.”

Why Taking Down Liberia’s Internet Is easy?


Over a decade of civil war in Liberia destroyed the country’s telecommunications infrastructure, and at that time a very small portion of citizens in Liberia had access to the internet via satellite communication.

However, some progress were made later in 2011 when a 17,000 km Africa Coast to Europe (ACE) submarine fiber-optic cable was deployed from France to Cape Town, via the west coast of Africa.

The ACE fiber cable, at depths close to 6,000 meters below sea level, eventually provides broadband connectivity to more 23 countries in Europe and Africa.

What’s shocking? The total capacity of this cable is just 5.12 Tbps, which is shared between all of the 23 countries.

Since massive DDoS attack against DynDNS used a Mirai botnet of just 100,000 hacked IoT devices to close down the Internet for millions of users, one can imagine the capability of more than 1 Million hacked IoT devices, which is currently in control of the Mirai malware and enough to severely impact systems in any nation state.

This is extremely worrying because, with this capacity, not just Liberia, an attacker could disrupt the Internet services in all 23 countries in Europe and Africa, which relies on the ACE fiber cable for their internet connectivity.

The root cause?

More insecure, vulnerable IoT devices, more Mirai bots.

So, in order to protect yourself, you need to be more vigilant about the security of your smart devices because they are dumber than one can ever be.


Please enter your comment!
Please enter your name here

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.