IoT Botnets Are Growing—and Up for Hire

Jamie Condliffe | MIT Technology Review | November 30, 2016

When anyone can make use of a burgeoning army of rogue connected devices for a fee, the threat of a crippled Internet is more real than ever.

The army of Internet-connected devices being corralled and controlled to take down online services is active, growing—and up for grabs. Internet of things botnets—collections of devices hacked to work with one another to send debilitating surges of data to servers—have been blamed for several recent Internet failures. Most notably, the servers of domain name system host Dyn were taken down last month, affecting connectivity across large swaths of the East Coast of the U.S.

But hackers appear to be making attempts to swell the ranks of their botnet armies and offer their services for a fee, which could make future attacks far more serious. The German telephone provider Deutsche Telekom has reported that nearly one million of its users suffered Internet outages this week as a result of a failed attempt to recruit the company's routers as devices for a botnet. According to an independent security researcher who spoke with Motherboard, the total number of devices employed in IoT botnets could now be in excess of 500,000.

Earlier this month, Ars Technica reported that a new piece of botnet software was able to commandeer 3,500 devices in the space of five days. It’s not clear, though, at what pace these systems will continue to grow. Most of the devices currently employed by hackers seem to be older, less secure hardware that’s easy to compromise. It may be harder, and take longer, to add your latest smart home hardware to the army—though it may not be impossible...