Please note: The page below represents the archived content relating to the previous Government of Montenegro. Some of the information might be inaccurate or outdated.

PRESS: Identified 350 infected devices, i.e. IP addresses, in Montenegro, of which 150 belong to the "Mirai" botnet

Published on: Oct 28, 2016 12:30 PM

On Friday, 21 October 2016, the infrastructure company "Dyn", which acts as an Internet address book, giving end users information on the location of, i.e. how to reach, the web pages of some of the largest companies in the world, came under attack by "Mirai" botnets, which made the websites of Amazon, Twitter, Reddit, PayPal and others inaccessible.

It is estimated that the number of devices that participated in the attack could be measured in hundreds of thousands, and that the attack had a strength of about 1 200 Gbit per second.

In this regard, the Ministry for Information Society and Telecommunications has identified 350 infected devices, i.e. IP addresses, in Montenegro, of which 150 belong to the Mirai botnet and were potential attackers in the mentioned attack.

In September 2016, the website of the cyber security company Krebs was also under attack from Mirai botnets with a strength of 600 Gbit per second, while in the same month the French web hosting company OVH was hit by an attack of over 1 000 Gbit per second.

A botnet is a network of interconnected computers, which may comprise hundreds of thousands or millions of computers controlled by a single server, called the command and control server. With a single command, an attacker can activate the entire network, in which case all devices start to communicate with the target in a legitimate manner, and the enormous number of incoming communications overloads the target and makes it unable to provide services to others, for example its users.

Unlike other botnets, which usually consist of computers, the Mirai botnet is mainly composed of so-called "Internet of things" devices such as digital cameras, DVR readers, IP televisions, etc.

An interesting point is that the source code of the Mirai virus was released on the Internet and is available to all. The code is also of relatively simple construction and can be easily deployed, in the sense that no sophisticated technical knowledge is necessary. Mirai-infected devices scan the Internet to find suitable devices and then log in to them with the default username and password, which are well known and easily accessible. A simple way to protect a device is to change its factory passwords and user names. Also, because Internet of things devices generally have no memory, a way of removing the virus is a simple restart of the device.

It is estimated that today there are six billion Internet connected devices. Because so many devices can potentially become infected and become part of botnets, attacks from Mirai are much larger than what most earlier DDoS attacks, which exclusively used computers rather than Internet connected devices, could achieve.

The services of most companies would be overloaded by attacks or regular communication of 10 Gbit per second, while the largest companies have the capacity to provide services at a level of 100 Gbit per second.
