The massive cyberweapon that temporarily knocked out parts of the internet last month misfired this week when hackers tried to take down the websites of Donald Trump and Hillary Clinton.
It failed because the Mirai botnet is getting weaker, according to experts.
The Mirai botnet is a collection of infected internet-connected devices — mostly digital cameras — that operates like a megacannon. It floods computer servers with an immense amount of data, taking out websites and potentially knocking companies off the internet.
This new weapon made its big splash on October 21 when it stopped people from accessing Netflix, Spotify and Twitter for hours.
Its still unidentified makers released the weapon’s computer code, giving hackers everywhere blueprints to recreate this kind of attack.
But hackers are now fighting for control of this megacannon. Having many people trying to use it at the same time has the effect of diffusing its powerful ray, weakening the weapon as a whole.
That’s according to the latest research from Flashpoint, a private intelligence firm that tracks hackers.
“They’re competing over control of the same population of vulnerable digital video recorders,” said Allison Nixon, Flashpoint’s security research director.
Instead of pointing the weapon at a single victim, lots of hackers have been using fragments of the Mirai weapon to interrupt computer servers that run popular multiplayer video games, like Counter-Strike and Minecraft. That matches with Flashpoint’s previous theory, that this weapon was created by hackers who hang out on gaming forums.
“We’re seeing lots of smaller attacks,” said Ronnie Tokazowski, Flashpoint’s senior malware analyst.
On Sunday and Monday, unidentified hackers repeatedly aimed part of Mirai at Trump’s campaign website for 30 seconds spurts, according to Flashpoint. They then tried to take down Clinton’s campaign site. Neither of the Distributed Denial of Service attacks worked.
Technical evidence show that this scramble for control is happening. A botnet — a mass army of infected machines — normally receives attack commands from a select few computers under the control of its hacker. But Flashpoint researchers monitoring Mirai say it’s now receiving instructions from 52 different locations.
Nixon thinks Mirai’s creator dumped the blueprints to this weapon to avoid getting caught by police. Now that many hackers are tapping into the botnet, it’s more difficult to trace it back to its original owner.
“It’s a smoke screen,” she said.
Several cybersecurity researchers acknowledge that Mirai poses less of a threat now, so there’s a smaller chance hackers will successfully take down a news website on Election Day.
“If one person can’t aim 10 million devices at something, they have a lot less power,” said Bill Sempf, an application security architect in Ohio.
But cybersecurity experts all warn that this problem remains. There are too many internet-connected devices that are easy to hack, companies keep making them, and they’re not recalling them or issuing patches.
“This issue is not going away,” said Dan Guido, who runs the cybersecurity firm Trail of Bits.