Over the past week, the African country of Liberia has been the target of a series of high-bandwidth directed denial of service (DDoS) attacks, nearly crippling the nation’s fledgling internet service.
The attacks originated from a network called Mirai botnet #14, intermittently flooding Libera’s networks with traffic of over 500 gigabits per second in bandwidth during each attack. Botnets consist of a network of thousands of "zombie computers", typically home computers that, unknown to their individual owners, have viruses or other malware that send out data when commended to by the controller of the malware.
While each individual computer doesn’t need to transmit much data, the combined effect of thousands (and possibly tens to hundreds of thousands) of computers that are simultaneously directed to send data to a particular network can overwhelm the target, with the resulting flood of spam shutting out the network’s legitimate user traffic.
Because of the decentralized nature of botnet networks, it makes it nearly impossible to track down the attacking party, and their ease of use and accessibility — Mirai botnet software is an open source toolkit downloadable by virtually anyone — means that even casual hackers can take advantage of botnet DDoS services.
The sheer amount of bandwidth being transmitted in the attacks on Liberia indicates that Mirai botnet #14 is a massive one, and it quite probably growing. It has been determined that this is the same network that perpetrated the October 21 DDoS attack on DNS service provider Dyn, causing major service disruptions for users in Europe and North America. And the pattern of attacks also indicates that whomever is conducting them is honing their technique, learning how to disrupt larger and larger systems.
As to what the next target will be is anyone’s guess, and the attackers have exposed the vulnerability of a number of major systems — meaning anything from major internet services to next week’s U.S. presidential election could be fair game.