The Janitor is the hacker responsible for the BrickerBot malware, malicious software that has destroyed thousands of insecure Internet of Things devices over the past couple of months.
Unlike ordinary hackers, The Janitor’s principal goal is the destruction of IoT devices, not for monetary benefit, but as a way of purging what he has compared to a cancerous growth that only seems to worsen: the rising DDoS attacks.
BrickerBot is an anti-botnet malware that was discovered and researched extensively by Pascal Geenens. He noticed that although the malware exploited devices’ BusyBox vulnerabilities to gain access to their default passwords, it did not do so in order to turn them into denial-of-service tools.
BrickerBot Malware is Configured to Destroy
Although BrickerBot capitalizes on the same vulnerabilities used by the Mirai botnet to capture IoT devices, Geenens noticed that the malware was focused on destroying the IoT device, irreparably in most cases.
Speaking to CyberScoop, Geenens unraveled the story of how he stumbled upon this weaponized version of the Mirai botnet, when two different versions of the malware attacked the bait (a network of unsecured computers left on the internet) he had set up.
Based on Geenens’ observations, the malware was engineered to corrupt the flash memory and firmware components of the devices it compromised, rendering them useless.
However, he stated that different versions of the malware had different total impacts on the compromised IoT devices.
While some devices were “bricked” (damaged beyond repair), others could be restored by a simple reboot.
Webcams are the most susceptible devices to BrickerBot attacks, according to Geenens.
Although there’s no accurate estimate as to how many devices have succumbed to the BrickerBot malware so far, each version of the anti-botnet malware is said to have taken down thousands of IoT devices.
The Janitor Speaks
In a blog post, The Janitor revealed the motives behind the creation and dispersion of the BrickerBot malware. He highlighted the indiscriminate DDoS attacks of 2016, which he believes would not have been possible if it weren’t for the sheer number of IoT botnets at the disposal of the attackers.
The last quarters of 2016 were marked by astonishingly massive DDoS attacks, one of the most famous being the series of Mirai botnet attacks that used over 500,000 IoT devices in South Korea, Hong Kong and China to extort various targets into paying ransoms for the attacks to stop.
The Mirai malware, a product of the hacking outfit known as BestBuy, is purportedly ineliminable once it infects a device.
This was proven by a hacker from the same outfit last year after he bragged about turning an estimated 3.2 million unsecured routers using the malware.
The Janitor believes he offers a sort of cleansing service, calling it “Internet Chemotherapy.” His anti-botnet vigilante malware is meant to serve as punishment to manufacturers of IoT devices for not taking action to quell the indiscriminate hacking of their devices and to the owners for not protecting the passwords to these devices.
BrickerBot Malware Launched Over the Tor Network
Geenens noticed that the first version of the malware executed attacks more rapidly than its succeeding versions.
He also confirmed that the source was hidden since the attacks were possibly launched over the Tor network to retain anonymity.
The Janitor has been applauded within various internet communities, termed a modern-day vigilante.
Despite the seemingly destructive nature of the BrickerBot malware, it is evident that more and more people are happy that something is finally being done to rein in the worryingly high numbers of DDoS attacks.
It is for this reason that Geenens predicts copycats will emerge at some point.