‘Members of hacker forum carried out ddos attack on Dyn’ – update
The security company Flashpoint, which previously wrote about the DDoS attack on DNS provider Dyn, says in an analysis that the attack was probably not the work of a state. The company could say with “reasonable certainty” that members of a hacker forum were behind it.
Flashpoint writes that the ddos, which was run using the Mirai-iot botnet, targeted an undisclosed game company, among others. While the service was not shut down, choosing such a target would not suit any state or hacktivists. According to the company, the choice is more suitable for members of hacking forums, which it describes as script kiddies. For example, the reason for carrying out an attack would be ‘the need to brag or cause chaos’. Flashpoint does not see a financial reason in this case, as there were no signs that the attackers were asking Dyn for money. A political motivation is also unlikely, because Dyn is not a political target.
Therefore, the conclusion of the security company is that the attack was probably carried out by members of the site hackforums.net. The site’s members are said to be known for developing and using ddos tools such as booters and stressers. One of the forum members, under the name “Anna-senpai,” recently released the source code of the malware behind the Mirai botnet. This person would also be responsible for the previous Ddos attacks on the site of journalist Brian Krebs and on the hosting service OVH. Members of the forum are said to have previously carried out attacks on game companies.
So far, several parties have claimed the attack or provided clues about the perpetrators. For example, Flashpoint mentions the hacktivist known as The Jester of th3j35t3r, who suggested that Russia is behind the attacks. In addition, WikiLeaks asked via Twitter whether “WikiLeaks supporters want to stop shutting down the American internet.” A group known as the ‘New World Hackers’ claimed to be responsible for the ddos. Flashpoint estimates these possible perpetrators as unlikely.
In the wake of last Friday’s attacks, the Chinese manufacturer of devices used in DDOs, in this case webcams, has launched a recall. In addition, the company has released patches for its products.
Update, 14:12: In an interview with CBS News, US intelligence chief James Clapper says he believes it was not a state but “bored children or criminals” who carried out the attack.