Unprecedented cyber attack takes Liberia's entire internet down

Cara McGoogan

Published 04/11/2016 | 10:59

The attack is the same used to shut off sites including Netflix, eBay and Reddit Photo: Reuters
The attack is the same used to shut off sites including Netflix, eBay and Reddit Photo: Reuters

An unprecedented cyber attack has knocked Liberia's internet offline, as hackers targeted the nation's infrastructure using the same method that shut down hundreds of the world's most popular websites at the end of last month.

  • Go To

The attack, which is the same used to shut off sites including Netflix, eBay and Reddit, fuels fears that cyber criminals are practicing ways to sabotage the US' internet when the country heads to the polls on November 8.

Multiple attacks against Liberia's rudimentary internet infrastructure have have intermittently taken the country's websites offline over the course of a week. Although it isn't clear who was behind either attack, experts said the method used was simple enough to have been launched by a lone actor and that it appeared to have come from the same source.

The attacks on Liberia and Dyn, the domain name server provider responsible for hundreds of popular websites, used a weapon called the Mirai botnet, which is an army of infected webcams, DVD players and other internet-connected devices, to send an overwhelming amount of traffic to the target in order to knock it offline.

In a similar way that ticketing websites crash when a popular event goes on sale, the attackers are able to disable whole computer networks and websites using Mirai to launch a distributed denial of service assault.

Traditionally the weapon of mischievous teenagers, the Liberia attack is the first time that a DDoS has been used to bring down a whole country's network. It did so by targeting the two companies that co-own the fibre internet cables into the country with unprecedented amounts of traffic.

"Over the past week we've seen continued short duration attacks on infrastructure in the nation of Liberia," said Kevin Beaumont, a computer security expert. "The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state."

No one has yet claimed responsibility for the Liberia attack or the one against Dyn, but they are very similar in nature, according to experts.

"Given the volume of traffic, it appears to be owned by the actor which attacked Dyn," said Beaumont.

The source code, or instructions for how to use, the Mirai botnet was released online earlier this year and is free to use for anyone with the technical understanding.

Security and technology experts have warned that the recent DDoS attacks could be a trial run for hackers looking to interfere with the US election.

"Good chance of major internet attack November 8. Many groups have the ability and incentive. Maps outage alone could easily skew the election," said Adam D’Angelo, chief executive of Quora and former chief technology officer at Facebook. "Last Friday’s attack should be enough evidence. Print out directions so you can vote/campaign without internet."

In the worst case scenario, the Mirai botnet could be used to shut down sites providing voters with information and maps websites that are key to helping people find their polling station.

"The effect of these scenarios is further compounded by a lack of enthusiasm among voters, which is particularly high in this election," said Imperva. "A DDoS attack inconveniencing voters may be all that is needed to cause them to stay at home."

It could also be used to target the five states that have electronic voting and knock out the communications systems that relay results to the public.

"A DDoS attack on the AP’s election night system could result in a delayed tally," said Sean Sullivan, a researcher at F-Secure who demonstrated how hackers could tamper with the AP. "In the current political environment, delayed results will spread suspicions of voter fraud."