IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mirai botnet did not knock Liberia's internet offline, say security experts

West African country didn't suffer nationwide outage last week, contrary to reports

DDos Attack

Security experts have dismissed last week's reports that Liberia's entire internet infrastructure was taken down by a DDoS attack, stating that this story was "simply not true".

Despite widespread coverage, the claims were debunked by security expert Brian Krebs who found that contrary to reports, the attack did not cause a nationwide outage. He spoke to Daniel Brewer, general manager for the Cable Consortium of Liberia, who told him that "we have no knowledge of a national internet outage and there are [sic] no data to [substantiate] that."

The reports stemmed from security architect Kevin Beaumont, who noticed attacks on Liberian telecoms infrastructure while monitoring the activity of the Mirai botnet. He apparently spoke to an anonymous source withing a local telco, who supposedly confirmed that the country's single submarine internet cable - which Beaumont pointed to a "single point of failure" - was under 500Gbps attacks.

"From monitoring, we can see websites hosted in country going offline during the attacks," he wrote. "Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack."

Many news outlets (including IT Pro) took this to mean that the internet connection for the whole country was under threat, but Brewer emphatically confirmed that this was not the case, stating "both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks."

It appears that the attacks observed by Beaumont were in fact mounted against a mobile telco; one that had a DDoS mitigation service in place to minimise the effects of the attack. While local web performance may have been intermittent, it was decidedly not a nationwide issue.

This was confirmed by cloud and security company Akamai as well as Dyn, the DNS provider that was hit by a much bigger DDoS last month. The company's director of internet analysis tweeted that there was no evidence of any widespread problems.

However, security expert Graham Cluley cautioned that although the Liberian incident was not as bad as initially thought, Mirai and other IoT-based malware still poses a significant threat.

"None of this is to say Mirai that is not a serious threat, of course," he wrote, "and that new botnets based upon its leaked code don't pose a significant threat to internet infrastructure as they exploit poorly-protected IoT devices."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Static IP vs dynamic IP: What’s the difference?
Network & Internet

Static IP vs dynamic IP: What’s the difference?

25 Feb 2022
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

11 Feb 2022
Equinix to help DISH build out its 5G network
5G

Equinix to help DISH build out its 5G network

18 Nov 2021
What are cookies
Security

What are cookies

17 Nov 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022