Chinese firm says hacked connected devices were behind Friday's DDOS attack


Hangzhou Xiongmai Technology, a Chinese electronics component manufacturer, says its products unintentionally played a role in a massive distributed denial-of-service (DDOS) attack that disrupted major Internet sites in the US on Friday. The firm blames hacked connected devices for the attack.

According to security researchers, the malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of-service attacks, including Friday’s outage. Some of that traffic has been observed coming from botnets created with Mirai, which is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of Internet backbone services.

DDOS attacks and botnets are nothing new. However, the Mirai malware appears especially worrisome for its power. An attack on the website of cybersecurity journalist Brian Krebs last month managed to deliver 665 Gbps of traffic to Krebs's site, making it one of the largest DDOS attacks ever recorded. Unlike other botnets that rely on PCs, the Mirai malware targets Internet-connected devices such as cameras and DVRs that have weak default passwords, making them susceptible to attack. To make matters worse, the developer behind Mirai has released the malware's source code to the hacker community.

Security firm Flashpoint said it has been able to confirm that some of the Mirai-infected machines involved in Friday's attack are DVRs. The botnets participating in Friday's assault, however, are separate and distinct from those used to take down Krebs's website back in September, the security firm said.

Web service provider Dyn on Saturday said the massive Internet attack that rendered many popular websites unreachable for parts of Friday has ended, though its engineers were still investigating how it happened. Its engineers are still trying to mitigate "several attacks" aimed at its infrastructure. The company has also reportedly said that the DDOS attacks are coming from "tens of millions of IP addresses at the same time."