Did the Mirai botnet knock Liberia offline? Not so much

Despite the many media headlines, this attack was over-hyped.

Graham Cluley

On Thursday last week, while I was giving a talk at the Edinburgh International Conference Centre about cybercrime, a story spread like wildfire across the world’s media claiming that the small West African country of Liberia had been blasted off the internet by a massive DDoS attack.

Of course, if the Mirai botnet – or a botnet based upon Mirai – had succeeded in taking an entire country offline then that would indeed be something to get pretty worked up about. It’s easy to imagine how such a capability could be abused by online criminals or rogue nations in the future.

It appears the story came about after British security researcher Kevin Beaumont, who has been keeping a close eye on Mirai’s IoT-driven attacks, blogged about intermittent DDoS attacks against Liberia telecom providers.

Unfortunately, the media somehow managed to sprinkle some hyperbole into the mix, inflating the story into a claim that all of Liberia had been taken offline.

That, however, was simply not true – as security blogger Brian Krebs confirms:

Daniel Brewer, general manager for the Cable Consortium of Liberia, confirmed that his organization has fielded inquiries from news outlets and other interest groups following multiple media reports of a nationwide outage. But he could not point to the reason.

“Both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks,” Brewer said. “While it is likely that a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to [substantiate] that.”

Of course, the story is out there now that Liberia’s internet was brought to its knees by the Mirai botnet. My guess is that we will continue to hear the story presented as fact for years to come in breathless presentations by over-excitable security companies.

None of this is to say that Mirai is not a serious threat, of course, or that new botnets based upon its leaked code don’t pose a significant threat to internet infrastructure as they exploit poorly-protected IoT devices.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
