Tens of thousands of ‘botnet’ computers and devices that were ‘cleaned and released’ by the FBI have now been hacked into and could be used as cyber weapons targeting the digital infrastructure of nations, reports in the US media said. Law enforcement agencies and technology companies are engaged in an ongoing battle against these rapidly evolving botnets, as existing internet infrastructure struggles to keep pace with their increasing power and scope. Here is what you should know about these infected devices, which could very well be your own smart TV.

What are botnets and why are they dangerous cyber weapons?

Botnets are networks of private computers and internet-linked devices like smart TVs and routers infected with malicious software and controlled as a group without the owners' knowledge. They are typically used by hackers to send spam or launch other forms of malicious activity like ransomware or DDoS attacks.

The Federal Bureau of Investigation had released some 95,000 of these hacked devices, many of which have now been taken over by hackers in what is being described as a "feeding frenzy."

"It became a race to take them over as fast as possible," said Damian Menscher, a Google security engineer.

Aisuru: The botnet group that took over devices freed by the FBI

A botnet group called Aisuru took control of over a quarter of the machines ‘freed’ by the FBI, and immediately began launching record-breaking distributed denial-of-service (DDoS) attacks, according to reports in the Wall Street Journal and other technology outlets.

According to Cloudflare, which tracks DDoS activity, 11.5 trillion bits per second of junk traffic were pushed on 1 September—the largest ever recorded.

This was a "world record" in intensity, said Cloudflare, noting that the attack could overwhelm the download speeds of over 50,000 home internet connections in a single strike.

Why the Aisuru botnet group matters: The stealth of cyber attacks

Unlike traditional botnets that use personal computers, Aisuru relies on overlooked internet-connected devices such as routers, smart TVs, and security cameras.

These devices are usually left online, are rarely updated, and can typically only join one botnet at a time.

When the FBI removed the old malware from the infected machines, it inadvertently opened the door for Aisuru to swoop in and take over, according to reports.

Millions of smart TVs are part of botnet networks

One botnet dismantled by Google earlier this year had grown from 74,000 Android TV devices in 2023 to over 10 million in two years, making it the largest known botnet composed of smart TVs, according to the reports.

Google said these smart TV botnets were used to click billions of ads in an advertising fraud scheme.

This network could easily have been repurposed for ransomware or DDoS attacks.

In August, a 22-year-old from Oregon was charged with operating a botnet that temporarily took down the social media platform X earlier this year. The case highlighted how vulnerable even major platforms are to such cyberattacks.

Botnets are now being used by countries in cyber warfare

Botnets can now disrupt not only websites but entire national internet infrastructures.

According to Craig Labovitz, head of technology at Nokia’s Deepfield division, the concern over botnets has shifted from the vulnerability of websites to the vulnerability of entire countries.

The UK has accused Russia’s GRU of launching DDoS attacks on Ukrainian banks in 2022, just before the military invasion. A botnet was most likely used in the operation.

ResHydra: A botnet launching cyberattacks

ResHydra, a botnet built from tens of millions of devices, initially focused on fraud but has since begun launching cyberattacks, said the reports.

Controlling a botnet of that scale could "do extreme damage to a country," warned Chris Formosa, a researcher with Lumen’s Black Lotus Labs.

If botnets like Aisuru and ResHydra continue to grow in size and strength—or combine forces—even the successful defences mounted by Google and Amazon could be overwhelmed, said the reports.