Apparently the author of Mirai leaked the source code and even provided comments and build instructions. I found this a bit baffling.
He seems immature and vain, because his motive is apparently to taunt someone with how smart he is, but the code is indeed pretty awesome and educational. It's a little sad that commercial software is so ugly and that black hat software is elegant (though I guess it has to be, because it's under rather severe "environmental pressures").
At first, I was also kinda shocked that it had this simplistic list of hard-coded user names and passwords (mentioned in the article). But I guess I've worked in the software industry long enough that it makes sense. Computers are so ubiquitous and on reflection it's not a surprise that you can pull down hundreds of thousands of machines with this technique!!!
Can anyone shed light on the economics of releasing source code? I would think this would make your botnet much less valuable. Apparently someone found a vulnerability in his HTTP parser, which I don't think would have happened without the source code.
So did the author shoot himself in the foot for reasons of pride, or is there something else going on?
The best theory I've heard about the authors motivations is that after knocking Krebs offline, with a world record dos, they wanted to muddy the waters a little.
By releasing the source code and letting everyone else fight for control of the botnet, it would be much harder for anyone to trace the original attack back to them.
He seems immature and vain, because his motive is apparently to taunt someone with how smart he is, but the code is indeed pretty awesome and educational. It's a little sad that commercial software is so ugly and that black hat software is elegant (though I guess it has to be, because it's under rather severe "environmental pressures").
https://github.com/jgamblin/Mirai-Source-Code/blob/master/Fo...
At first, I was also kinda shocked that it had this simplistic list of hard-coded user names and passwords (mentioned in the article). But I guess I've worked in the software industry long enough that it makes sense. Computers are so ubiquitous and on reflection it's not a surprise that you can pull down hundreds of thousands of machines with this technique!!!
Can anyone shed light on the economics of releasing source code? I would think this would make your botnet much less valuable. Apparently someone found a vulnerability in his HTTP parser, which I don't think would have happened without the source code.
So did the author shoot himself in the foot for reasons of pride, or is there something else going on?
https://github.com/jgamblin/Mirai-Source-Code/blob/master/mi...