Behind The Headlines, Understanding The Circumstances Surrounding The Creation of The Silex Botnet

For those of you whom might not be aware, news of the Silex Botnet was first broke by Akamai and published on ZDNet by Catalin Cimpanu on June 26th. Now, normally I would link to ZDNet’s article and give them full credit for their reporting on the matter, but they would never link to this follow up report by yours truly – so fuck them, honestly. With that established, what I have is a transcript of a conversation from the hacker(s) whom built the botnet, the physical source code of the botnet itself, as well as an interview with the hacker whom trained the botnets creator(s). You may have heard of them before? It’s “0x20k” of Ghost Squad Hackers, ranked as one of the worlds top 10 botnet builders.

But, without any further adieu, lets start with the good and juicy stuff – shall we? Here’s a full copy of the source code for the Silex Botnet. Please note that I will be keeping the plain text file redacted, so you’re just going to have to learn C language and structure the code yourself if you really want it that bad.

Full 6 Page Source Code – Silex Botnet:


With that out of the way, lets talk about why all of this happened in the first place. According to the botnets architect, “Light The Sylveon,” it was actually all just an accident/mistake – really. In a transcript of a conversation seen by Rogue Media Labs, Light goes on to explain how they are “sorry” for having created the botnet and “didn’t know it would have such a large impact, to be honest.” As a result, Light is actually considering “quitting” the underground Black-Hat life, though they have plans to continue learning and becoming a better botnet builder in the future.

As for why the hackers behind the creation of the botnet reached out to me, it’s because they want the tech world to know that the Silex Botnet was never meant to become as large as it has, that Light is not some attention seeking whore – so to speak – and that they are honestly sorry for what has happened because of it. Essentially, Light was messing around with some new ideas/concepts and created something they weren’t fully prepared to handle – nothing more, nothing less.

As for an update on the Silex Botnet‘s rein of destruction, according to Light, as of July 2nd 2019, the botnet has already bricked over 10,000 devices worldwide – up from around 2,000 devices a little less than a week ago on June 26th. Additionally, for those of you whom might not have been read into it, Silex literally has no other purpose than to seek and destroy – completely blocking owners from their own devices. The source code of Silex itself was essentially designed to be a carbon-copy of Brickerbot, only with their own unique spin on it. Silex also does not round up devices for use in DDoS or Crypto-mining like most other modern botnets, nothing like that. Instead, Silex merely just searches and destroys, infecting devices with the intent of locking the owners out of the device, wiping all storage space, dropping its firewall rules and bricking it off completely. Kind of cool, for an accident anyways – right?

Lastly, Light was trained by “0x20k” of GSH, which probably explains how/why Silex attacks through default Telnet credentials – the primary means through which 20k’s Ficora Botnet also infected Internet of Things (IoT) devices in the past. On top of this, Light claims to have developed Silex with the help of 3 other hackers, whom did not want to be identified/implicated publicly.