Security Experts:

Script Kiddies Likely Behind Dyn DDoS Attacks

There are several theories and claims as to who might be behind the distributed denial-of-service (DDoS) attacks launched last week against DNS provider Dyn, but researchers believe the attacks were actually launched by script kiddies.

The DDoS attacks launched on Friday against Dyn’s managed DNS infrastructure caused disruptions for several major websites, including PayPal, Twitter, Reddit, GitHub, Amazon, Netflix and Spotify.

Experts have confirmed that the attack involved Mirai botnets, which have ensnared hundreds of thousands of Internet of Things (IoT) devices after the Mirai malware source code was leaked by its original author.

The hacker known as “The Jester,” who recently claimed to have defaced a website belonging to Russia’s Ministry of Foreign Affairs, said the Russian government was behind the attack on Dyn. WikiLeaks suggested that its supporters were responsible, and a group of hacktivists known as “New World Hackers” have also taken credit for the disruption.

However, researchers at Flashpoint believe the attacks on Dyn were not launched by state-sponsored actors, hacktivists or profit-driven cybercriminals. Experts assessed, with moderate confidence, that script kiddies, particularly members of the HackForums website, are responsible.

The security firm’s analysis revealed that the infrastructure used in the Dyn attacks was also leveraged to unsuccessfully target a major video game company.

“The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivists, nation-states, and terrorist groups,” Flashpoint said. “These other types of threat actors are unlikely to launch such an attack without a clear financial, political, or strategic objective, and they are very unlikely to launch an attack against a video game company.”

“Participants in the Hackforums community have been known to launch DDoS attacks against video game companies to show off their credentials as hackers of skill, or to ‘troll’ and gain attention by causing disruption to popular services,” the company added.

Mirai botnets have been increasingly abused for DDoS attacks following the source code leak. Cybercriminals can create large botnets due to the fact that many DVRs, IP cameras and routers can be easily hacked.

One of the companies whose products have been abused in such attacks is Dahua Technology. Researchers warned that products using hardware and software components from China-based XiongMai Technologies are also susceptible to attacks due to hardcoded credentials and a Telnet service that is active by default. The Chinese vendor has announced plans to recall some of the vulnerable products.

Related: Sierra Wireless Rugged Gateways Targeted by Mirai Malware

Related: MITRE Offers $50,000 for Rogue IoT Device Detection

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.