top of page

Brickerbot: The Botnet That Didn’t Hack Devices - It Destroyed Them

  • Writer: Yaniv Hoffman
    Yaniv Hoffman
  • Apr 27
  • 3 min read

Introduction

When we think of cyberattacks, we often imagine hackers hijacking computers, building botnets, and launching massive attacks. But in 2017, a different force emerged. One that didn’t steal devices — it destroyed them permanently.


Meet BrickerBot — the forgotten vigilante of cybersecurity, a botnet whose mission was not to control, but to cleanse the internet by force.


What Was BrickerBot?

Discovered by Radware in early 2017, BrickerBot was a highly aggressive botnet targeting vulnerable IoT devices:

  • Home routers

  • Security cameras

  • Digital video recorders

  • Smart home devices


Instead of enslaving these devices for DDoS attacks like most botnets, BrickerBot had one goal:Brick the device completely.


By exploiting devices with exposed Telnet services and default passwords, BrickerBot executed destructive commands to:

  • Corrupt storage partitions

  • Overwrite critical system files

  • Disable internet connectivity

  • Damage firmware beyond repair


Once a device was targeted, it often became irrecoverable — requiring professional restoration or full replacement.


In short: BrickerBot didn’t leave devices infected — it left them dead.


Who Was Behind BrickerBot?

The creator of BrickerBot operated under the pseudonym "Janit0r."


Janit0r saw himself not as a hacker, but as a vigilante — a "cleaner" of the internet.


His philosophy was radical but clear:


"If you can't secure your device properly, you don't deserve to have it connected to the public internet."


Rather than letting vulnerable devices be hijacked by malicious botnets like Mirai, Janit0r believed it was better to eliminate the threat at its root.


This belief sparked endless debate in the cybersecurity community:Was Janit0r a misunderstood hero... or simply a cyber criminal?


How Did BrickerBot Work?

BrickerBot operated through a simple but deadly sequence:

  1. Scanning the internet for devices with open Telnet ports (TCP/23).

  2. Logging in using default or weak credentials (like "admin/admin").

  3. Executing destructive commands such as:


fdisk -C 1 -H 1 -S 1 /dev/mtd0

rm -rf /*

halt -n -f

reboot


These commands would:

  • Overwrite memory partitions

  • Erase configuration files

  • Corrupt firmware

  • Break network connectivity


The result:Devices were "bricked" — rendered completely unusable. And it often happened in less than a minute.


BrickerBot vs Traditional Botnets

Let’s compare BrickerBot to the infamous Mirai botnet:


  1. Goal of Traditional Botnet is to Hijack devices for attacks vs BrickerBot that destroy devices permanently

  2. Method of Traditional Botnet is to Infect and maintain persistence vs Wipe storage and kill connectivity

  3. Targets of Traditional Botnet is IoT devices as well as of BrickerBot

  4. Ethical Perception of Traditional Botnet is Malicious cyberattack Vs Cyber vigilante (controversial) of BrickerBot


While Mirai sought power through numbers, BrickerBot sought safety through elimination.


Why Was BrickerBot So Controversial?

The cybersecurity world was divided:

  • Supporters argued that BrickerBot helped protect the internet by proactively removing insecure devices.

  • Critics pointed out that it illegally destroyed private property, often punishing innocent users who didn’t even know their devices were vulnerable.


Legally, BrickerBot’s actions were clear violations of cybercrime laws. Regardless of intention, damaging someone’s property without consent remains illegal worldwide.


What Happened to BrickerBot?

By the end of 2017, BrickerBot activity disappeared as mysteriously as it had appeared.

Several factors contributed:

  • Major ISPs began blocking unsecured Telnet traffic.

  • IoT manufacturers improved default security settings.

  • Public awareness of IoT vulnerabilities grew after massive attacks like the Mirai botnet.


As security strengthened, BrickerBot's "targets" slowly dried up.Janit0r vanished from the scene — his true identity still unknown.


Lessons from BrickerBot — Still Relevant Today

BrickerBot is gone, but the message it sent is louder than ever.


If you leave your devices exposed, the consequences can be immediate and devastating — whether from hackers, malware, or vigilantes.


Today, with billions more IoT devices online — from smart locks to baby monitors — the stakes are even higher.


How to Protect Yourself

Here’s what every IoT device owner should do:


  • Change default passwords immediately

  • Keep firmware updated

  • Disable unused services like Telnet and UPnP

  • Segment IoT devices from critical systems (use a separate Wi-Fi network if possible)


Simple steps today can prevent massive problems tomorrow.


Final Thoughts

BrickerBot wasn’t just a botnet — it was a warning.

A warning that cybersecurity isn't just about stopping hackers — it's about preventing negligence.


Whether you see Janit0r as a villain or a vigilante, the lesson remains: In a connected world, insecurity is not just your risk — it’s everyone’s risk.


Stay vigilant. Stay secure. The future depends on it.


Regards,

Yaniv Hoffman

 

 
 
 

Comments

bottom of page