The huge distributed denial of service (DDoS) attack that rocked numerous high-profile websites last week was likely the work of ‘script-kiddies’ looking to cause mayhem rather than state-sponsored actors, according to security firm Flashpoint.
In a blog post, the firm, which was one of those that first tackled the huge attack that hit internet infrastructure firm Dyn, said that, despite speculation to the contrary, it did not believe Russia, or any other nation state, was involved.
“Flashpoint assesses with a moderate degree of confidence that the perpetrators behind this attack are most likely not politically motivated, and most likely not nation-state actors,” it said.
It expanded on this by noting that, at the same time as the attack against Dyn, it uncovered evidence of an attack against a video game company. While this did not have any impact, Flashpoint claims it shows the attackers were just out to cause trouble.
“The targeting of a video game company is less indicative of hacktivists, state-actors, or social justice communities, and aligns more with the hackers that frequent online hacking forums,” it said.
“These hackers exist in their own tier, sometimes called ‘script kiddies,’ and are separate and distinct from hacktivists, organized crime, state-actors, and terrorist groups.
“They can be motivated by financial gain, but just as often will execute attacks such as these to show off, or to cause disruption and chaos for sport.”
Flashpoint also questioned what political benefit there would be in taking on Dyn: because so many websites are affected, it is unclear what damage the attack would really do to any specific entity, as opposed to causing general annoyance.
“Dyn DNS is a central target whose outage would affect a wide variety of websites and online services, and does not disproportionately affect any one political entity,” it said.
“Such a broad scope of targeting does not lend itself to a politically motivated attack. Additionally, the indicators that we do have point to specific communities that have historically been apolitical.”
Of course, there is always the possibility the attackers deliberately obscured their motivations to hide their true origin, perhaps as a means to test the effectiveness of using DDoS to disrupt major websites.
The attack against Dyn used the recently released Mirai botnet that takes advantage of insecure Internet of Things (IoT) devices to generate huge traffic loads that overwhelm internet systems.
This has been noted as a major risk to the web as it gives anyone with the desire the ability to knock any website offline for any reason.