We now know who’s behind the Mirai Botnet.
What is a botnet? It is a network of compromised IoT devices and unsecured computers and routers, controlled by a few central servers, that hackers use to attack more devices and eventually take down other networks and websites through a DDoS attack. The Mirai botnet took over devices by logging in to them with their default login credentials and then controlling them. It also took advantage of known security vulnerabilities and exploits to take them over.
Paras Jha, Dalton Norman, and Josiah White pled guilty to conspiracy to violate the Computer Abuse & Fraud Act. Jha, a former Rutgers University student, had previously hacked the Rutgers University network and ran another botnet with Dalton Norman. Paras Jha wrote the code used in Mirai in or about July of 2016. He used Mirai to take down DynDNS, which routes traffic for the Web in America and Europe, and this interrupted websites like Twitter and PayPal. He also DDoSed more websites and tried to get them to pay for his anti-DDoS service.
But what’s even more interesting is a story by Wired that says the 3 men started the Mirai botnet to DDoS their competition. You can read it on Wired (I won’t because of its length).
Sponsor: Webb Web Services (WebbCo.us) – affordable and secure website development and hosting.
Webb Web Services offers affordable web design and development. Zachary Webb (also the host of this podcast!) will design/develop a website for you. Security and ease-of-use are our priorities. Get a website from WebbCo.us today and get 10% off. Just go to https://seriousabouttech.com/wws and use promo code “podcast10”.
Your Security Brief: Two attacks against computer processors – Spectre and Meltdown.
Meltdown and Spectre are two related vulnerabilities in modern computer processors. They are very dangerous because they can be used to get information such as passwords and sensitive content from user programs, documents, and web browsers. Spectre exploits speculative branch prediction, whereas Meltdown uses a privilege escalation attack on Intel processors. Speculative branch prediction is a technique modern CPUs use to guess what a program might do next. This speeds up the processor by 10-50%. Meltdown takes advantage of the fact that CPUs can do out-of-order execution, which processors use to process information as efficiently as possible. A CPU that uses this technique does not process information in the order that it came in, but instead processes it as soon as resources become available.
Spectre works against Intel, AMD, and ARM (the chips used in phones and IoT devices) processors. Meltdown is verified to work against Intel processors since 2011, but can affect Intel CPUs back to 1995. To mitigate these attacks, everyone affected should update their computers, phones, servers, and other devices. Microsoft, Apple, and others have now released patches.
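To confirm that an update actually took effect on a Linux machine, you can read the status the kernel publishes for each issue. The script below is an added example, not something from the podcast; it assumes a Linux kernel new enough (4.15 or later) to expose the `/sys/devices/system/cpu/vulnerabilities` directory, and the verdict labels (OK, REVIEW, VULNERABLE, UNKNOWN) are this example's own naming.

```python
"""Report Meltdown/Spectre mitigation status from Linux sysfs (added example)."""
import sys
from pathlib import Path

# Real Linux interface (kernel 4.15+): one short text file per issue.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Status files covering the two attacks discussed in the text.
FILES = {"meltdown": "Meltdown", "spectre_v1": "Spectre variant 1",
         "spectre_v2": "Spectre variant 2"}


def classify(text):
    """Map a kernel status line to OK / REVIEW / VULNERABLE / UNKNOWN."""
    status = text.strip()
    if status == "Not affected":
        return "OK"
    if status.startswith("Vulnerable"):
        return "VULNERABLE"
    if status.startswith("Mitigation:"):
        # A mitigated line can still flag one sub-feature as vulnerable.
        return "REVIEW" if "vulnerable" in status.lower() else "OK"
    return "UNKNOWN"  # unexpected wording: needs a human to look


def audit(directory=SYSFS_DIR):
    """Return {issue name: (verdict, raw status)} for each tracked file."""
    results = {}
    for filename, label in FILES.items():
        path = Path(directory) / filename
        try:
            raw = path.read_text().strip()
        except OSError:
            # Missing file: kernel predates the interface, or not Linux.
            results[label] = ("UNKNOWN", "status file not present")
            continue
        results[label] = (classify(raw), raw)
    return results


def needs_update(results):
    """True if any issue is unmitigated or cannot be confirmed."""
    return any(verdict != "OK" for verdict, _ in results.values())


if __name__ == "__main__":
    report = audit()
    for label, (verdict, raw) in report.items():
        print(f"{label:18} {verdict:11} {raw}")
    sys.exit(1 if needs_update(report) else 0)
```

The non-zero exit code when anything is not confirmed as mitigated makes the script usable from a fleet-wide patch compliance job.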