The Police Unearths Mirai Hosting Infrastructure in the Netherlands

By Bill Toulas / October 3, 2019

According to a report by the Dutch Police, investigators from the National Criminal Investigation Department managed to track and locate a Mirai botnet operation center and raided the location of the hosting provider. The Police seized five servers that were responsible for managing swarms of Mirai botnets and which were launching large-scale DDoS attacks. In the context of the same operation, the Police arrested a 24-year-old from Veendam and a 28-year-old from Middelburg. These servers were “command and control” servers, so the Mirai botnets that have infected IoT devices will remain in their hosts, but will stay inactive.

As we reported earlier in the year, Mirai has been continuously evolving to target a wide range of IoT devices, compromise a rich set of routers, and even find its way inside NVRs, IP cameras, and virtually any device that can connect on the internet. The various Mirai variants have been a nasty headache for system administrators during these past few months, as they are practically multi-tools that carry lavish sets of exploits and the keys to many known vulnerabilities. While this bust in Amsterdam won’t wipe Mirai from the face of the Earth, it is definitely a massive blow for the botnet.

According to the details given by the Dutch Police report, the Mirai botnet operation that was set up by the two men was carrying out approximately a million infection attempts per month. Besides the two men, there’s also the busting of the local “bulletproof” host. This is a term used for hosting service providers who don’t care about what their customers are doing, don’t have any service policies in place, and completely ignore all forms of takedown requests or notices. These hosting services are preferred by those who host pirated content on online platforms or those who engage with illegal, malicious activities in general.

If you own an IoT device that could have been infected by the Mirai botnet, resetting it should be enough to wipe the malware from its memory. Also, if you haven’t done it thus far, change your device's default password and use a strong, unique passphrase. Remember, updating the firmware of your IoT devices if there’s a patch available is imperative in keeping them safe from botnet threats. Actors are actively searching for internet-connected devices that feature specific characteristics, and outdated firmware versions are one of the elements they use in their search results filtering.

Do you have something to comment on the above? Let us know of your opinion in the section down below, or on our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: