Hack at­tacks cut in­ter­net ac­cess in Liberia

Malta Independent - - TECHNOLOGY -

Liberia has been re­peat­edly cut off from the in­ter­net by hack­ers tar­get­ing its only link to the global net­work.

Re­cur­rent at­tacks up to 3 Novem­ber flooded the ca­ble link with data, mak­ing net ac­cess in­ter­mit­tent.

Re­searchers said the at­tacks showed hack­ers try­ing dif­fer­ent ways to use mas­sive net­works of hi­jacked ma­chines to over­whelm high-value tar­gets.

Ex­perts said Liberia was at­tacked by the same group that caused web-wide dis­rup­tion on 21 Oc­to­ber.

Those at­tacks were among the big­gest ever seen and made it hard to reach big web firms such as Twit­ter, Spo­tify and Red­dit.

The at­tacks were the first to send over­whelm­ing amounts of data from weakly pro­tected de­vices, such as we­b­cams and dig­i­tal video recorders, that had been en­rolled into what is known as a bot­net. A bot­net vari­ant called Mi­rai was iden­ti­fied by se­cu­rity firms as be­ing the tool used to find and com­pro­mise the inse­cure de­vices.

The source code for Mi­rai has been widely shared and many ma­li­cious hacker groups have used it to seek out vul­ner­a­ble de­vices they can take over and use to mount what are known as Dis­trib­uted De­nial of Ser­vice at­tacks.

“There’re mul­ti­ple dif­fer­ent bot­nets, each with a dif­fer­ent owner,” se­cu­rity re­searcher Kevin Beau­mont said. “Many are very low-skilled. Some are much bet­ter.”

The hack­ers be­hind the “huge” net­work that at­tacked Liberia, dubbed bot­net#14, were “much more skilled”, Mr Beau­mont said.

“The at­tacks are ex­tremely wor­ry­ing be­cause they sug­gest a Mi­rai op­er­a­tor who has enough ca­pac­ity to se­ri­ously im­pact sys­tems in a na­tion state,” he wrote in a blog­post. Net­work firm Level 3 con­firmed to tech news site ZDNet that it had seen at­tacks on tele­coms firms in Liberia mak­ing ac­cess to the web spotty. Other re­ports sug­gested mo­bile net ac­cess was af­fected too.

The at­tacks var­ied in length with some last­ing only 30 sec­onds and the long­est be­ing sus­tained for a few min­utes. At times the amount of data be­ing fun­nelled to­wards Liberia ex­ceeded 600 gi­ga­bits per sec­ond.

Net ac­cess in Liberia comes via an un­der­sea ca­ble whose ca­pac­ity is shared with many other na­tions in West Africa.

“They’re try­ing a num­ber of dif­fer­ent tech­niques for short bursts, against the com­pa­nies who own the sub­ma­rine ca­ble to Liberia,” said Mr Beau­mont, adding that com­mands to bot­net#14 seemed to orig­i­nate in the Ukraine.

Mr Beau­mont said the con­trollers of bot­net#14 were re­fin­ing their con­trol of the at­tack sys­tem but it was not yet clear who it would be turned against next.

A Twit­ter ac­count, called #Mi­ra­iat­tacks has been set up by a se­cu­rity com­pany to mon­i­tor the many dif­fer­ent at­tack tar­gets hit by Mi­rai bot­nets. Ear­lier tar­gets in­cluded com­puter se­cu­rity firms, schools, food-or­der­ing ser­vices and gam­ing sites.

Newspapers in English

Newspapers from Malta

© PressReader. All rights reserved.