由於攻擊代碼在網上分享所引發的網絡攻擊恐慌

Fears of massive net attacks as code shared online

BBC News 2016-10-25 12:00:00
http://www.bbc.com/news/technology-37540732

Computer code used to mount one of the biggest web attacks ever seen has been released online.


Security experts fear the release will prompt more massive attacks that knock sites offline by swamping them with data.

The attack tool seeks out smart devices in homes that are weakly protected with easy-to-guess passwords.

Net monitoring firms said they had already seen an increase in scans that seek out vulnerable devices.

The "Mirai" source code was released on a widely used hacker chat forum over the weekend.

The same code is believed to have been used to target security blogger Brian Krebs in late September in an attack that pointed more than 620 gigabits of data every second at his site.

Mr Krebs said the release "virtually guaranteed" that the net would soon be flooded with similar incidents as it made it easier to mount such large-scale attacks that abuse access to the consumer gadgets.

'Collateral damage'


When Mr Krebs' site was attacked, the amount of data with which it was hit was believed to be the biggest ever seen. However, it was eclipsed later the same month by an attack on French hosting firm OVH, which suffered a malicious datastream that peaked at more than one terabit per second (1,000 gigabits).

Research by security firms suggests that both attacks managed to generate so much data by seeking out insecure devices that make up the "internet of things". These are smart devices such as webcams, thermostats and other gadgets that owners can control via the net.