The various Mirai botnets, which use "clumsy, amateurish code to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services.
Now, a new Mirai botnet, variously called "Mirai #14" or "Shadows Kill," has been attacking a whole country: Liberia, a west African state founded by American black Zionists seeking freedom in the teeth of American enslavement. Liberia is a poor country, with an estimated per-capita GDP of $478, and the country's internet is served by a single submarine cable without any redundancy.
Shadows Kill was hitting Liberia with intermittent traffic floods exceeding 600gbps, which have been characterized as "tests" by security researcher Kevin Beaumont. Beaumont began documenting the attack yesterday, and immediately began receiving threatening messages from the botnet's controllers, who appear to be the same people who attacked US infrastructure last month. According to Beaumont, "The good news for that business is since publishing my Medium post, all attacks on Liberia have ceased."
Over the past week we’ve seen continued short duration attacks on infrastructure in the nation of Liberia. Liberia has one internet cable, installed in 2011, which provides a single point of failure for internet access. From monitoring we can see websites hosted in country going offline during the attacks — additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack. The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.
“Shadows Kill” — Mirai DDoS botnet testing large scale attacks, sending threatening messages about UK and attacking researchers [Kevin Beaumont/Medium]