Someone Just Used The Mirai Botnet To Knock An Entire Country Offline

This article is more than 7 years old.

Last month, the Mirai botnet emerged from the shadows and directed its fury at security expert Brian Krebs. A few weeks later, the DNS servers at Dyn fell victim and many of the biggest sites on the Internet went dead for millions of Americans. Now it appears that Mirai knocked an entire country offline.

Only temporarily, mind you, and the target was a very small one: Liberia, with a population of around 4.5 million. Fewer than 10 per cent of its citizens have Internet access and the entire country is served by just two companies that share a single fiber optic cable. Who would want to DDoS a country like Liberia? One strong possibility is someone who's testing the Mirai botnet's capabilities.

The attack on Krebs' website was easy enough to understand. He's a respected security researcher and has doggedly pursued and helped expose numerous cybercriminals over the years. He's been SWATTED. He's had criminals send him narcotics in the mail in the hopes that he'd be wrongly arrested. It's easy to see the kind of satisfaction one of his adversaries would get from knocking his site offline.

It was an attack unlike any other. Akamai, the company that hosted Krebs' site, was battling against an epic torrent of traffic. At its peak, Mirai was hammering their servers with 620 gigabits of garbage traffic every second. They said it was more than double what they'd seen from any past attacks.

But the Mirai botnet hadn't even broken a sweat. Next up was Dyn, and Mirai showed that there was still power to spare. Whoever was in control of Mirai opened up the floodgates, drowning Dyn in a jaw-dropping 1.2Tbps -- making the attack against Krebs and Akamai seem like little more than a warm-up. Dyn's official report on the incident said that they'd seen traffic from "tens of millions of IP addresses."

So why target Liberia, and why now? It's possible that Liberia is the starting point for a new display of the botnet's power. Though the attack peaked at a comparatively modest 500Gbps, service interruptions were reported throughout the day yesterday. Had the full force of Mirai been directed at Liberia, a prolonged outage was a distinct possibility.

There's a good chance that neighboring countries could have been impacted, too. That single fiber -- the African Coast to Europe or ACE cable -- doesn't exclusively serve Liberia. It provides connectivity to at least nine other African countries and will eventually serve nearly two dozen.

Taking a good chunk of an entire continent offline could be the next step. Then again, they could have a much bigger target in mind. Given the pace of attacks so far, we may not have a long wait before we find out who Mirai's next victim will be.

Update: Krebs himself has been investigating the situation and believes that while an attack was launched, the country was never actually knocked offline. The capability to do so is certainly very real, he cautions.