Researchers expose Mirai vuln that could be used to hack back against botnet

Security researchers have discovered flaws in the Mirai botnet that might be used to mitigate against future attacks from the zombie network. Scott Tenaglia, a researcher at endpoint security firm Invincea, found a weakness in the HTTP flood attack that Mirai is capable of mounting. Specifically a stack buffer overflow …

  1. lansalot

    Fine, you don't advocate hacking back.

    Now, it only takes *one* of you to deviate from that, and put a stop to these miscreants. I wouldn't lose much sleep over it in this instance, if it were done properly.

    1. Mark 85

      It's not a question of advocacy but one of law. Most countries have a law against this. I keep hoping they'll change their stupid laws to allow a retaliatory attack/hack to stop attacks.

      1. John Brown (no body) Silver badge

        Does the law actually and specifically forbid an active self-defence? After all, if someone is coming at you with a knife, even a UK court will very likely not convict you of kicking the bastard in the balls. (a recent clarification of the has confirmed this)

        Pre-emptively taking out an infected computer which might attack you is currently illegal, but I don't think anything has been tested in court where someone has attacked back against a currently attacking endpoint. If this flaw allows for a more active defence by crashing or otherwise disabling attacking endpoints, it sounds like a reasonable use of force in self-defence. I could imagine it might get messy though since there are likely to be many international jurisdictions involved.

        1. Richard 12 Silver badge

          As you don't really know where the endpoint that is attacking you is physically located, the legalities are very sticky as you have no way of knowing which jurisdictions might apply and so which laws you would need to follow.

          That said, you are highly unlikely to get caught knocking infected consumer kit offline unless you announce that you did it.

          1. gudguy1a

            Hack back...

            Good response but likely not true.

            The snag is, if it is 'consumer' kit in a hospital that was coopted and used as a jump off point and you hack back, possibly doing some damage (inadvertently) for something like a life saving device. Once an investigation begins to discover how that device was brought down, law enforcement will be able to back track to your IP.

            Then, unfortunately, you're going to be on the hot seat for causing damage (or a death), even if your heart was in the right place in trying to stop the hack.

            But I think most of us are with you in wanting to do some kind of hack back to stop this crap from malevolent, idiotic, STUPID morons causing this mayhem....

        2. Doctor Syntax Silver badge

          "If this flaw allows for a more active defence by crashing or otherwise disabling attacking endpoints, it sounds like a reasonable use of force in self-defence."

          If I follow the article correctly it's not actually the device itself that's being crashed, just a process that's been placed there by a previous attack. All that's happening is that the device is being returned to its original estate. The only person with a standing to make a complaint is the original attacker - who can't complain without incriminating themselves.

  2. Anonymous Coward

    Tales of Mirai's death are greatly exaggerated

    Highlights from the article:

    - Not effective against Mirai's DNS flood attack that the internet last friday

    - Only "hacking back" against infected devices, not botmasters

    Also, Mirai patch incoming in 3... 2... 1....

  3. swschrad

    there is another way... governmental recall of the devices

    if you have a BitDropper 666 modem, or webcam, or baby monitor, or whatever that is known vulnerable, the FTC could order a recall. industry would wake up pretty quick if all their DVRs and Smart TVs were forced to be recalled and refunded because the software was shit full of holes.

    1. a_yank_lurker

      Re: there is another way... governmental recall of the devices

      That would be the quickest way to shake up IoT. Have all the devices recalled at least nationally however it would really be nice if the hammer dropped worldwide on the same day.

    2. Gene Cash Silver badge

      Re: there is another way... governmental recall of the devices

      That's probably the best suggestion I've heard yet. We know how expensive recalls are, from the Samsung battery fun, so they'll be desperate to avoid that even more than a fine.

      It's a good way to smack stupid IoT manufacturers without the useless, decades-long court process.

    3. Richy Freeway

      Re: there is another way... governmental recall of the devices

      Number of people that will return a £500 brand new mobile device because it might burn their face off?

      Nearly all of them.

      Number of people that will return a £40 IP camera because it makes some websites fall over?

      Close enough to zero for it not to make any difference.

      All very well having a massive recall, but you've got to get the device owner to climb up a ladder, take down the camera, wait for a replacement yadda yadda yadda. There's too much effort required by the end user for what appears to them to be zero benefit.

      The only way to make the device owners take notice would be to make the devices stop working, or curtail their internet connection in some way.

      1. John Brown (no body) Silver badge

        Re: there is another way... governmental recall of the devices

        "The only way to make the device owners take notice would be to make the devices stop working, or curtail their internet connection in some way."

        If the recall is not properly honoured or enforced, then block the "phone home" server as malicious.

  4. Planty Bronze badge

    Digital equivalent

    Of shooting burglars...

    1. Anonymous Coward

      Re: Digital equivalent

      Not even burglars. More like shooting 10-year-olds for being noisy and cutting across your lawn (and being too cheap & lazy to put up a fence.)

      1. ecofeco Silver badge

        Re: Digital equivalent

        You really don't understand the seriousness of this.

  5. ecofeco Silver badge

    Wow!

    Suggested right here on El Reg just a few days ago and found that quick.

    Bloody impressive.

  6. Anonymous Coward

    Why not just use the original exploits...

    ... that Mirai virus used on the vulnerable IoT devices and kick the virus out and secure the holes.

    1. Mark 85

      Re: Why not just use the original exploits...

      Why not indeed, except that also violates almost every country's computer misuse laws. Seems the bad guys can get away with it, but the good guys can't and sure as hell don't see the manufacturers jumping up and telling everyone "we'll fix those holes immediately".
