Massive cyber-attack grinds Liberia's internet to a halt

11 November 2016


The entire internet infrastructure of the African nation of Liberia has been brought to a grinding halt after it was targeted by hackers using the same weapon that caused the largest cyber-attack in history just two weeks ago.

The attack was a distributed denial of service, or DDoS, in which a network of infected computers – a botnet – is directed to bombard its target with traffic, overloading its servers.

The weapon used in the October attack, the Mirai botnet, was particularly effective because it harnessed infected, internet-connected devices such as DVR players and digital cameras.

Now the same weapon has been used over the past seven days in continued attacks on the west African nation of Liberia, according to Kevin Beaumont, a security expert who has been closely monitoring attacks using Mirai botnets.

“We’re seeing attacks over 600gbps [gigabits per second] aimed at two companies which co-own the only fibre going into [Liberia],” Beaumont told the Guardian, adding that during the attacks websites inside the country are rendered unavailable outside as well. “The recent attacks ... are huge in volume – among the most amount of traffic internet has seen.”

ZDNet reported that infrastructure providers had said the attacks were over 500gbps in size – not as large as the 1,100gbps (1.1 terabits per second) attack in October, but still among the largest DDoS attacks ever.

The previous target was Dyn, a company that controls a large amount of the domain name service infrastructure that acts as a switchboard for internet traffic. By hitting Dyn, the attack brought down major internet services across Europe and the US, including Twitter, Netflix and Spotify.

Experts told the Guardian that the Dyn attack may have been by far the largest of its kind. Mirai is also open source, meaning anyone with the requisite know-how can use it.

The particular Mirai botnet that is attacking Liberia has officially been named Botnet 14 14. An independent Twitter account, @MiraiAttacks, has been automatically tweeting messages picked up on the botnet, some of which have used threatening language and led Beaumont to dub the botnet “Shadows Kill”.

It is not known who is wielding the Mirai botnet against Liberia, or whether it is a state actor or independent hackers. In a blogpost, Beaumont said: “The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”

The Liberian embassy in Washington did not respond to requests for comment.

Source: The Guardian 3 November 2016