Learning from major cyber security incidents
Learning from major cyber security incidents

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Learning from major cyber security incidents

4.3 Who were the attackers?

At the time of writing, it is still not known for sure who the attackers behind the Dyn attack are. As botnets are available for hire, people without good computer knowledge can also launch attacks, so this attack did not have to be a state-sponsored one. One of the powerful botnets on hire at that time was vDOS; this was investigated and reported in depth by the freelance security journalist Brian Krebs, which subsequently led to it being shut down by the police (Krebs, 2016). It was believed that the extremely high-traffic (620 Gbit/s) DDoS attack on Krebs’s blog (Krebs on Security) in September 2016 was an act of retaliation against Krebs.

As Krebs’ investigation continued, the author of the Mirai malware released the source code to a hackers’ forum using the nickname Anna Senpai. It was believed this was an act to distract police investigators rather than the malware authors being ‘generous’. Nevertheless, Krebs eventually identified the authors of the malware based on analysis of the data from DDoS mitigation services, studying the discussions in the hackers’ forums and interviewing people in January 2017. The real identities of Mirai’s authors are 21-year-old Paras Jha from New Jersey and 20-year-old Josiah White from Pennsylvania, USA. The pair were co-founders of Protraf Solutions LLC, which is ironically a company that specialises in mitigating large-scale DDoS attacks! The pair were subsequently charged and pleaded guilty to creating the Mirai malware (though there was no convincing evidence to prove that they carried out the Dyn attack).

Paras Jha was a computer science student at Rutgers University, New Jersey, at that time. He also admitted attacking the university a number of times between 2015 and 2016, causing the university to spend hundreds of thousands of US dollars to improve security. He was also suspected to be responsible for the attack on the French cloud company OVH in September 2016, aiming to disrupt the services of gaming servers hosted by OVH in order to gain advantage for the gaming server he supported.

Apart from using the botnet to attack servers, Jha, White and a third person called Dalton Norman also admitted to conducting a click fraud, which is a form of online advertising fraud that fools the advertiser into believing their hosting advertisement receives a much higher click rate than it actually does. As a result of the click fraud they received about 200 bitcoins, which were worth over $180 000 in January 2017 (Krebs, 2017).

TM255_1

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371