The Source of Dyn Attacks Likely Script Kiddies

Flashpoint recently published an assessment of the aftermath of the DNS service provider Dyn DDoS attacks and indicated that script kiddies are the likely culprit behind it and not politically-motivated hacking groups. 

Flashpoint dismissed numerous claims of responsibility that separately linked the attack political actors such as the Russian government, WikiLeaks or the New World Hackers. Instead, the company said with “moderate degree of confidence” that the attacks are linked to the Hackforums community. The Hackforums website is the online hacking group where the Mirai botnet source code was anonymously released for general availability where anyone can utilize it to launch their own botnet network for DDoS attacks.

Flashpoint concludes this based on a number of factors, including the general availability of the Mirai botnet code for anyone to utilize, including amateur hackers or script kiddies. Mirai scans the Internet for IoT devices such as those used in the attack on Dyn, the “Krebs on Security” blog and the French internet service and hosting provider OVH. The malware uses 60 known weak and default credentials on the IP-enabled cameras, DVRs and other internet-connected devices for immediate access before manipulating them into giant botnets used to DDoS targets. Mirai is now gaining more attention for being part of the attack on Dyn’s web servers, knocking out websites such as PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, and RuneScape for almost an entire day last Friday.

Level 3 Communications stated previously that due to the Mirai source code release, more than half of botnet traffic has doubled. Since at least a third of the attacks has been attributed to the Mirai botnet, this makes Flashpoint believe that the hacking community providing a wide variety of stressors and booster tools allows for anyone to launch their own DDoS attacks easily, all of which contributed to the Dyn attack.

Scroll Up