The attack against Liberia began in October 2016. More than a half-million security cameras around the world tried to connect to a handful of servers used by Lonestar Cell MTN, a local mobile phone operator, and Lonestar’s network was overwhelmed. Internet access for its 1.5 million customers slowed to a crawl, then stopped.
The technical term for this sort of assault is distributed denial of service, or DDoS. Crude but effective, a DDoS attack uses an army of commandeered machines, called a botnet, to simultaneously connect to a single point online. This botnet, though, was the biggest ever witnessed anywhere, let alone in Liberia, one of the poorest countries in Africa. The result was similar to what would happen if 500,000 extra cars joined the New Jersey Turnpike one morning at rush hour. While most DDoS attacks last only moments, the assault on Lonestar dragged on for days. And since Liberia has had virtually no landlines since the brutal civil war that ended in 2003, that meant half the country was cut off from bank transactions, farmers couldn’t check crop prices, and students couldn’t Google anything. In the capital of Monrovia, the largest hospital went offline for about a week. Infectious disease specialists dealing with the aftermath of a deadly Ebola outbreak lost contact with international health agencies.
Eugene Nagbe, Liberia’s minister for information, was in Paris on business when the crisis began. He struggled to marshal a response, unable to access his email or a reliable phone connection. Then his bank card stopped working. On Nov. 8, with hundreds of thousands of people still disconnected, Nagbe went on French radio to appeal for help. “The scale of the attack tells us that this is a matter of grave concern, not just to Liberia but to the global community that is connected to the internet,” he said. The onslaught continued. No one seemed to know why, but there was speculation that the hack was a test run for something bigger, perhaps even an act of war.
Then, on Nov. 27, Deutsche Telekom AG in Germany started getting tens of thousands of calls from its customers angry that their internet service was down. At a water treatment plant in Cologne, workers noticed the computer system was offline and had to send a technician to check each pump by hand. Deutsche Telekom discovered that a gigantic botnet, the same one targeting Liberia, was affecting its routers. The company devised and circulated a software fix within days, but the boldness and scale of the incident convinced at least one security researcher that Russia or China was to blame.
When the botnet took down the websites of two British banks, the U.K. National Crime Agency got involved, as did Germany’s BKA, with support from the U.S. Federal Bureau of Investigation. German police identified a username, which led to an email address, which led to a Skype account, which led to a Facebook page, which belonged to one Daniel Kaye, a lanky, pale, 29-year-old British citizen who’d been raised in Israel and described himself as a freelance security researcher.
When Kaye checked in for a flight to Cyprus at London’s Luton Airport on the morning of Feb. 22, 2017, he triggered a silent alarm linked to a European arrest warrant in his name. He was in line at the gate when the cops arrived. “That’s him!” an officer said, and Kaye felt hands grab him roughly under the arms. He was taken to a secure room, where officers searched him and found $10,000 in a neat stack of $100 bills. Afterward they drove him to a nearby police station and locked him up. That was until Kaye, a severe diabetic, began nodding in and out of consciousness, then collapsed in his cell. He was rushed to a nearby hospital, where two police officers stood guard outside his room just in case their prisoner managed to overcome his hypoglycemic coma and escape.
But Kaye was no Kremlin spy or criminal mastermind, according to court filings, police reports, and interviews with law enforcement, government officials, Kaye’s associates, and Kaye himself. He was just a mercenary, and a frail one at that.
Kaye gets out of prison this year, and you can bet a whole lot of people will be watching where he goes. Some will want him contained, some will want him hired, and some may want something far more sinister. But these are the new rock stars of the decade: the gray hats, hackers who aren't playing good guy or bad guy, but whoever hires them gets their services. Expect to see a lot more of them this decade.
No comments:
Post a Comment