Last Week's Mass Cyberattack Was Probably Not Politically Motivated, Report Says

Government-backed hackers are unlikely to be behind the attack that piggybacked on Internet of Things devices, says business intelligence firm Flashpoint.

The hackers behind the devastating cyber-attack last Friday against some of the Internet’s largest companies and critical American networking infrastructure are most likely independent and not working on behalf of any government organization, the Flashpoint business intelligence firm said in a report released Tuesday.

“Despite public speculation, Flashpoint assesses with a moderate degree of confidence that the perpetrators behind this attack are most likely not politically motivated, and most likely not nation-state actors,” reported Flashpoint, which was the first to discover that the distributed denial-of-service attacks came from the Mirai botnet.

The attack used hundreds of thousands of web-connected devices – the so-called Internet of Things – including such common devices as routers, digital video recorders, Internet-connected security cameras and even baby monitors, and disrupted services from such major sites as Twitter, Amazon, PayPal, Spotify and Netflix. A DDoS attack crashes websites and services by overwhelming them with large amounts of traffic.

It was commonly suspected that Russian or Chinese government-affiliated hackers were behind the attack against an infrastructure company in New Hampshire named Dyn, which provides name services (DNS) and acts as a switchboard for Internet traffic by translating website addresses into the numerical IP addresses used on the Internet.

But Flashpoint found the hackers behind the Mirai software seem to be connected to the English-language hacker community, and in particular hackforums.net. “The personalities involved in this community are known for creating and using commercial DDoS tools called ‘booters’ or ‘stressers.’ The hackers offer these services online for pay, essentially operating a ‘DDoS-for-hire’ service. One of the few known personalities that have been associated with Mirai malware and botnets is known to frequent these forums,” states the Flashpoint report. “The hackers that frequent this forum have been previously known to launch these types of attacks, though at a much smaller scale.”

A hacker using the handle Anna-Senpai is known to be connected to the Mirai software and regularly frequents these forums, and is believed to have operated the original Mirai botnet that was used in the attack against the “Krebs on Security” website and French hosting provider OVH earlier this month, said Flashpoint.

Flashpoint said it “assesses with moderate confidence that these attacks were not financially or politically motivated. Typically, financially motivated DDoS attacks will target business competitors, online gambling sites or Bitcoin exchanges. Attackers can also use DDoS attacks or threats to extort money from businesses that would be affected by an outage.” 

It is also unlikely that the attacks were politically motivated, because the attacks were so broad and not directed at any specific entity, the business intelligence firm added.