Some have worried that the massive cyberattack that disrupted the Internet on Friday was the work of Russian government-backed hackers, politically motivated hacktivists or sophisticated cybercriminals. But researchers at cyber-intelligence firm Flashpoint say the Internet meltdown may have been carried out by amateurs who haunt a popular hacking forum.
Flashpoint helped Web service provider Dyn determine that hacked Internet-connected devices were involved in the attack. If Flashpoint is right, the attack shows that even hobbyists can cripple the Internet's fragile infrastructure. When asked about Flashpoint's research, Dyn pointed to a blog post on its site Wednesday that said it's “collaborating in an ongoing criminal investigation of the attack and will not speculate regarding the motivation or the identity of the attackers.”
The code for the malware Mirai, which was used in Friday's attack, was posted roughly a month ago on an online community called HackForums.net by a hacker using the handle “Anna-Senpai,” as first reported by security journalist Brian Krebs. The same user is believed to be the person behind earlier attacks using Internet of Things devices controlled by Mirai, which last month targeted Krebs's website and a French cloud provider called OVH, according to Flashpoint.
Once the code was let loose online, almost anyone could have used it or tweaked it for their own purposes, said Ben Herzberg, a security research manager at cybersecurity firm Imperva. But Flashpoint said its assessment points to HackForums users. People posting on the site regularly trade tips on malware, and some users have created tools that can launch digital assaults similar to the one that hit Dyn on Friday. Some even offer to carry out cyberattacks for a price, according to Flashpoint.
The operators of the HackForums site did not immediately respond to a request for comment on Flashpoint's claims.
HackForums users frequently target video game networks as a way to get attention and prove their skills, the cybersecurity firm said. Members have been linked to the hacking group that claimed responsibility for knocking the PlayStation and Xbox networks offline on Christmas Day in 2014. According to a Tuesday blog post, Flashpoint discovered that the same infrastructure used to attack Dyn was also used to target “a well-known video game company.” A post on HackForums claims the original target of Friday’s attack was the PlayStation Network and that Dyn was essentially collateral damage. Sony did not immediately respond to a request for comment on that claim.
Those clues point to amateur hackers ― commonly known in hacker circles as “script kiddies” ― as the culprits behind the Friday attack, according to Flashpoint.
“The technical and social indicators of this attack align more closely with attacks from the [HackForums] community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivists, nation-states, and terrorist groups,” the Flashpoint researchers wrote. Other experts agree with Flashpoint’s assessment. “I think they are right. I don't believe the Friday attackers were financially or politically motivated,” said Mikko Hypponen, chief research officer at cybersecurity firm F-Secure. “It was such an untargeted attack, it's hard to find a good motive for it. So, kids.”