One of the operators behind a Mirai botnet pleaded guilty to their involvement in a huge DDoS attack that caused a massive Internet disruption during October 2016.
Multiple high-profile websites and online services including Amazon, PayPal, Visa, Netflix, the PlayStation Network, and Airbnb were taken down as a direct result of this DDoS attack.
The botnet, a variant of the Mirai botnet, was developed by the defendant with the help of others from roughly 2015 until November 2016, specifically to target gaming platforms in DDoS attacks.
The conspirators used it to infect and convert Internet-connected video cameras, recorders, and other Internet-of-Things (IoT) devices into bots that were used as the “army” that powered the group’s DDoS attacks.
Over 100,000 infected devices used in the attack
The defendant, a minor when the attacks took place, and his conspirators aimed their massive DDoS (Distributed Denial of Service) attack at the Sony PlayStation Network’s gaming platform, but it also affected the systems of Domain Name System (DNS) provider Dyn.
After the attack, many of the sites and services using Dyn’s DNS servers were also affected and remained down throughout the next day while the DNS provider worked to bring back up the main DNS servers targeted by the conspirators’ botnet.
“We saw both attack and legitimate traffic coming from millions of IPs across all geographies,” Scott Hilton, Dyn EVP of Product, said in a summary of the attack.
“It appears the malicious attacks were sourced from at least one botnet, with the retry storm providing a false indicator of a significantly larger set of endpoints than we now know it to be.
“We are still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints.”
Dozens of big sites and platforms affected
The huge 2016 Dyn DDoS attack resulted in a massive Internet disruption that later spread to hundreds of thousands of sites that used the DNS provider’s services.
The list of impacted sites also included dozens of high-profile websites and online platforms that suffered losses from remediation costs and lost advertising revenues.
The massive DDoS attack indirectly affected Dyn’s servers and brought down a substantial part of the Internet across both North America and Europe together with Sony’s PlayStation Network, the primary target of the attack.
“According to court documents, on Oct. 21, 2016, the individual and others used the botnet they created to launch several DDoS attacks in an effort to take the Sony PlayStation Network’s gaming platform offline for a sustained period,” the DoJ press release said.
“The DDoS attacks impacted a domain name resolver, New Hampshire-based Dyn, Inc., which caused websites, including those pertaining to Sony, Twitter, Amazon, PayPal, Tumblr, Netflix, and Southern New Hampshire University (SNHU), to become either completely inaccessible, or accessible only intermittently for several hours that day.”
The identity of the defendant was withheld because they were a juvenile at the time the offense was committed. The individual’s sentencing was scheduled for January 7, 2021.