On October 12, 2016, a massive distributed denial of service (DDoS) attack left much of the internet inaccessible on the U.S. east coast. The attack, which authorities initially feared was the work of a hostile nation-state, was in fact the work of the Mirai botnet. This attack, which initially had much less grand ambitions — to make a little money off of Minecraft aficionados — grew more powerful than its creators ever dreamed possible. It’s a story of unintended consequences and unexpected security threats, and it says a lot about our modern age. But to understand it, you need a little background.
If you want to get into the details, check out this primer on the subject, but in a nutshell, a botnet is a collection of internet-connected computers — the “bots” — that are under remote control from some outside party. Usually these computers have been compromised by some outside attacker who controls aspects of their functionality without the owners knowing.
Read more about what botnets are and how the Mirai botnet was able to amass a botnet army by taking advantage of insecure IoT devices in a simple but clever way, scanning big blocks of the internet for open Telnet ports before attempting to log in default passwords, on CSO.