Did the Mirai botnet knock Liberia offline? Not so much

Despite the many media headlines, this attack was over-hyped.

Graham Cluley

On Thursday last week, while I was giving a talk at the Edinburgh International Conference Centre about cybercrime, a story spread like wildfire across the world’s media claiming that the small West African country of Liberia had been blasted off the internet by a massive DDoS attack.

Of course, if the Mirai botnet – or a botnet based upon Mirai – had succeeded in taking an entire country offline then that would indeed be something to get pretty worked up about. It’s easy to imagine how such a capability could be abused by online criminals or rogue nations in the future.

It appears the story came about after British security researcher Kevin Beaumont, who has been keeping a close eye on Mirai’s IoT-driven attacks, blogged about intermittent DDoS attacks against Liberia telecom providers.

Unfortunately, the media somehow managed to sprinkle some hyperbole into the mix, inflating the story into a claim that all of Liberia had been taken offline.

That, however, was simply not true – as security blogger Brian Krebs confirms:

Daniel Brewer, general manager for the Cable Consortium of Liberia, confirmed that his organization has fielded inquiries from news outlets and other interest groups following multiple media reports of a nationwide outage. But he could not point to the reason.

“Both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks,” Brewer said. “While it is likely that a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to [substantiate] that.”

Of course, the story is out there now that Liberia’s internet was brought to its knees by the Mirai botnet. My guess is that we will continue to hear the story presented as fact for years to come in breathless presentations by over-excitable security companies.

None of this is to say that Mirai is not a serious threat, of course, or that new botnets based upon its leaked code don’t pose a significant threat to internet infrastructure as they exploit poorly-protected IoT devices.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
