In 2016, the general population endured a cyber security scare that seemed like it was ripped from the pages of a tech thriller. Three Americans unleashed a powerful botnet that nearly took down the internet and sent shockwaves through the technology security industry. As it turns out, these three men were not attempting to bring down the internet or make some sort of statement; they just wanted to improve their Minecraft experience. But their invention found the perfect storm in a recurring but often overlooked problem in the IoT community: security.
The Internet of Things, or IoT, is a nickname given to devices that can be connected to the Internet. Think security cameras, baby monitors, refrigerators, and many of the new devices on the market that offer control via an application. These devices are becoming more popular and prevalent among the general public, but many average users do not change the default settings, including security passwords. When the manufacturer's default password is left in place, these devices can be turned into ‘zombies’ and taken over by outside forces.
The botnet these men invented does just that. It scours the internet looking for devices it can access with default passwords and then uses the processing power of those devices to perform a Distributed Denial of Service (DDoS) attack. This allows the perpetrator to create a network of weaponized devices and processors that overwhelms the victim’s system with requests. These three gamers had found a particularly efficient way to enslave a wide variety of devices and thus accidentally created the most powerful botnet the industry has ever seen.
Their intent was to use this ‘zombie’ IoT army to improve their gaming power in Minecraft and slow down competing hosted servers. By using a network of processors across the Internet to slow down their competition, they could motivate players to switch to their faster servers. In an effort to hide their culpability, one of the authors posted the source code on a popular code-sharing website. Once their invention was released into the wild, it quickly found its way into the hands of some very shady characters. These characters used the botnet to launch an attack on Dyn, a DNS hosting company that acts as a translator to help browsers match written hostnames to their IP address counterparts. This attack affected millions of users by muddying the connection between users and services like Netflix, Amazon, Facebook, and other websites.
After many long hours of investigating, the F.B.I. tracked down these three men and finally brought the saga to an end this month in an Alaskan courtroom. But this event serves as a serious warning to the technology community about the importance of a simple step like changing a default password. FreeSWITCH takes this very seriously and has even implemented steps to prompt or motivate a user to change the default password before running the software. You can learn more about how we deal with security by joining our mailing list, subscribing to our YouTube channel, and following us on Facebook and Twitter.