The Mirai Botnet: How a Few College Kids Broke the Internet with Your Security Camera

-

On October 21, 2016, Twitter, Netflix, Reddit, Spotify, and CNN went dark simultaneously across the entire US east coast. Governments and security agencies braced for a nation-state cyberattack.

It was three college students trying to win at Minecraft.

The Short Version

Paras Jha, Josiah White, and Dalton Norman built Mirai to knock rival Minecraft servers offline — a petty competitive advantage in a game economy. The weapon they built was anything but petty.

Mirai worked by scanning the internet for IoT devices — security cameras, DVRs, home routers — still running factory default credentials. "admin/admin." "root/12345." "password." It tried 61 combinations. Most devices let it straight in.

Within 20 hours of release, Mirai had infected 65,000 devices, doubling in size every 76 minutes. At its peak: over 600,000 hijacked devices. A botnet more powerful than anything ever assembled.

Here's what it did with them:

  • September 2016: took down OVH, then the largest hosting provider in Europe, at a record-breaking 1 Tbps
  • September 20, 2016: hit security journalist Brian Krebs with 620 Gbps — the largest DDoS ever recorded against a single individual
  • October 21, 2016: attacked Dyn, a major DNS provider — taking down half the internet with it 🌐
  • After the source code was released: variants knocked all of Liberia offline and took down Deutsche Telekom's 900,000 customers

The FBI agent who cracked the case put it simply: "These kids are super smart, but they didn't do anything high level — they just had a good idea."

The good idea? Most IoT devices ship with default credentials that nobody ever changes. And nobody was checking.

💡 Why It Still Matters

Mirai's source code is public. It never went away — it spawned variants that are actively running today, targeting the same class of vulnerable devices. Your security camera, your smart router, your DVR: if it ships with default credentials and you haven't changed them, it's a potential recruit.

The lesson Mirai taught the IoT industry is still being learned. Regulatory pressure for secure-by-default credentials is growing. But millions of devices already in the field never got the memo.

The internet nearly broke because of a password that was "12345." That's not ancient history. It's Tuesday.

→ Full story: the Minecraft origin, the FBI investigation, the Dyn attack in detail, and what the IoT security industry learned: Read the deep dive

Follow for more IoT security deep dives — part of my ongoing 101-story series. 🔬 

Comments

Post a Comment

Popular posts from this blog

How Smart Grids & IoT Are Powering a New Era of Energy Efficiency ⚡🌍

-
Image
As the world faces unprecedented climate challenges and surging energy demands, the way we generate, distribute, and consume electricity is undergoing a profound transformation. At the center of this revolution? The fusion of smart grids and the Internet of Things (IoT) — a pairing that’s set to make our energy systems smarter, greener, and more resilient than ever before. What Is a Smart Grid? A  smart grid  is an electricity network that leverages sensors, communication links, and automation to enable two-way communication between utilities and consumers. Instead of the old, one-way flow of electricity and information, smart grids are dynamic and interactive. IoT devices — like smart meters, grid sensors, and intelligent controllers — form the backbone of this architecture. They constantly monitor the grid, provide real-time feedback, and automate decisions that once required manual intervention. Electricity production remains one of the largest sources of global greenhouse ...
Read more

Miraikan: The Future Is Here

-
Image
The National Museum of Emerging Science and Innovation, simply known as the Miraikan, is a museum created by Japan's Science and Technology Agency. It was opened in 2001. It is situated in a purpose-built building in the Odaiba District of Tokyo. In the video, I am visiting Miraikan, the National Museum of Emerging Science and Innovation in Tokyo, Japan. I explore various exhibits spread across multiple floors of the museum, focusing on emerging technologies and scientific innovations. The first floor introduces the museum, showing a ticket purchase and an overview of the building. I take an escalator to the next floor where I check descriptions of the different floors and their themes. I am excited about the exhibits and mention a gift shop. The second floor is described as a special floor not accessible to the public, while the third floor features a kids' zone and information stands. I explore the "Create Your Future" exhibit, which focuses on envisioning a prosper...
Read more

AI + IoT: The Power Duo Shaping the Future of Our Connected World

-
Image
AI makes machines think. IoT makes machines sense. Put them together — and you get systems that can sense, think, and act in real time, without a human in the loop. That combination has a name:  AIoT . And it's already running in your hospital, your factory, your car, and probably your kitchen. The Short Version Separately, AI and IoT transformed industries. Together, they create something fundamentally different — an intelligent environment that doesn't just collect data, but interprets it and responds. Here's where it's already happening: Smart homes — voice assistants that understand context, systems that learn your routines and optimize energy use automatically Healthcare — wearables tracking heart rate, SpO2, and sleep feeding continuous data into AI that detects anomalies before symptoms appear Manufacturing — IIoT sensors monitoring machines in real time, AI predicting failures before they happen and cutting unplanned downtime Transportation — connected v...
Read more