A hacker, who conspired with several cyber criminals in 2016 to launch a powerful DDoS attack targeting the Sony PlayStation Network’s gaming platform, which resulted in a number of websites going offline, has admitted to his crimes in a U.S. court.
The hacker was a juvenile when the DDoS attack was launched using a variant of the powerful Mirai botnet to take the PlayStation platform offline. Mirai first appeared in 2016 as the first real botnet that could seriously exploit vulnerabilities in millions of IoT devices deployed across the world either to take control of industrial networks or to steal credentials of millions of IoT device owners.
Armed with a dictionary of username and password combinations, the Mirai botnet scanned IP addresses for open ports in IoT devices, subsequently infected millions of such devices in the process, and then used the affected devices in coordinated distributed denial of service (DDoS) attacks against websites worldwide.
The success of Mirai encouraged hackers to develop more botnet variants and by October 2017, botnet-led malware attacks on IoT devices affected 49% of healthcare organisations, 82% of manufacturing, 76% of retail, and 85% of government-owned or issued IoT technologies.
According to the U.S. Department of Justice, this particular DDoS attack, which involved the deployment of a variant of Mirai, was launched in October 2016 with the aim of taking Sony PlayStation Network’s gaming platform offline for a sustained period.
“The DDoS attacks impacted a domain name resolver, New Hampshire-based Dyn, Inc., which caused websites, including those pertaining to Sony, Twitter, Amazon, PayPal, Tumblr, Netflix, and Southern New Hampshire University (SNHU), to become either completely inaccessible or accessible only intermittently for several hours that day.
“As a result of the individual’s DDoS attacks, Dyn, Sony, SNHU, and other entities and individuals suffered losses including lost advertising revenues and remediation costs. Sony estimated that its resultant losses included approximately $2.7 million in net revenue,” it said.
According to security firm Flashpoint, the DDoS attack, which was directed against three Dyn data centers in the northeastern United States and affected the websites of PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, and RuneScape, was initiated by a group of “script kiddie” hackers who frequented online hacking forums and were not associated with hacktivists, state actors, or social justice communities.
“Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the English-language hacking forum community, specifically users and readers of the forum “hackforums[.]net.” The personalities involved in these communities are known for creating and using commercial DDoS tools called “booters” or “stressers.”
“The hackers offer these services online for pay, essentially operating a “DDoS-for-hire” service. One of the few known personalities that have been associated with Mirai malware and botnets is known to frequent these forums.
“A hacker operating under the handle “Anna-Senpai” released the source code for Mirai in early October, and is believed to have operated the original Mirai botnet that was used in the attack against “Krebs on Security” and hosting provider OVH earlier this month,” the firm added.
While the identity of the hacker behind the 2016 DDoS attack targeting PlayStation has been withheld as the individual was a minor when the crime was committed, the Department of Justice said the individual, along with several others, created a botnet, which was a variant of the Mirai botnet, for use in launching DDoS attacks. Nearly all of these attacks were directed against gaming platforms and occurred between approximately 2015 and November of 2016.
This is not the first time that hackers using the Mirai botnet or its variants, with disastrous consequences for victims, have faced strong legal action. In September 2018, the U.S. District Court of New Jersey sentenced 22-year-old Paras Jha to six months of house arrest and ordered him to pay $8.6 million in damages for using the feared Mirai botnet to launch cyber attacks against a large number of business websites.
In 2019, British hacker Daniel Kaye was also sentenced by the Blackfriars Crown Court to 32 months in prison for launching a devastating DDoS attack on Liberian mobile network Lonestar that cost the company millions of pounds in lost revenue between October 2016 and February 2017.
Kaye developed a unique variant of the Mirai botnet, named it Mirai #14, and used the new botnet to scan for thousands of internet-connected Lonestar devices. Once the botnet infiltrated the devices, Lonestar’s server crashed and the company’s revenue dipped from USD 84 million in October 2016 to just USD 17 million in February 2017.
The U.S. District Court of Alaska also sentenced 22-year-old Kenneth Currin Schuchman of Vancouver, Washington, to thirteen months in prison for developing the Satori distributed denial-of-service (DDoS) botnet, for carrying out DDoS attacks using these botnets, and for selling access to the botnets to paying customers to earn money.
The Satori botnet, a Mirai variant, infected more than 280,000 different IPs, which were seen scanning ports 37215 and 52869 within a span of twelve hours. Unlike other Mirai variants, the Satori botnet featured two embedded exploits that connected to ports 37215 and 52869 to infect more devices.
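A defender-side check for the scanning behaviour described above, as an added example that is not from the original article: it flags sources that contact several distinct hosts on ports 37215 and 52869 inside a twelve-hour window. The log format, addresses, timestamps and the `MIN_TARGETS` threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SATORI_PORTS = {37215, 52869}   # ports named in the article
WINDOW = timedelta(hours=12)    # observation window named in the article
MIN_TARGETS = 3                 # assumed fan-out threshold; tune per network

# Constructed sample log; assumed format: ISO time, src, dst, dst port, action
SAMPLE_LOG = """\
2017-12-05T01:00:00 198.51.100.7 203.0.113.10 37215 DENY
2017-12-05T01:00:02 198.51.100.7 203.0.113.11 52869 DENY
2017-12-05T01:00:05 198.51.100.7 203.0.113.12 37215 DENY
2017-12-05T02:00:00 192.0.2.44 203.0.113.10 37215 DENY
2017-12-05T17:00:00 192.0.2.44 203.0.113.11 37215 DENY
2017-12-06T08:00:00 192.0.2.44 203.0.113.12 37215 DENY
2017-12-05T03:00:00 192.0.2.9 203.0.113.10 443 ALLOW
2017-12-05T03:00:01 192.0.2.9 203.0.113.11 443 ALLOW
2017-12-05T03:00:02 192.0.2.9 203.0.113.12 443 ALLOW
truncated line
"""

def parse(line):
    """Split one log line; raises ValueError on malformed input."""
    ts, src, dst, port, _action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_scanners(log_text, min_targets=MIN_TARGETS, window=WINDOW):
    """Return {src: ports} for sources that hit >= min_targets distinct
    destinations on the Satori ports within any span of `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = parse(line)
        except ValueError:
            continue  # skip blank or malformed lines instead of aborting
        if port in SATORI_PORTS:
            events[src].append((ts, dst, port))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            if len({dst for _, dst, _ in win}) >= min_targets:
                flagged[src] = sorted({p for _, _, p in win})
                break
    return flagged
```

On the sample data only `198.51.100.7` is flagged: `192.0.2.44` touches the same ports but too slowly to fit the window, and `192.0.2.9` fans out on a port that is not of interest.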