Hacker Pleads Guilty to Building Internet of Things Army for Cyberattacks
A young hacker has admitted to attempting to take down Sony’s Playstation Network gaming platform by hijacking “internet of things” (IoT) devices after reaching a plea deal with federal prosecutors.
Judge Landya B. McCafferty, chief judge for the U.S. District Court for the District of New Hampshire, accepted the hacker’s guilty plea on computer fraud and abuse charges during a closed door hearing, according to a Wednesday news release from the Department of Justice. Because the individual was a juvenile at the time of the offense, their identity is being withheld in accordance with the Juvenile Delinquency Act.
Officials say that the hacker conspired with others to create a “botnet” by taking control of unspecified IoT devices—items that can include video cameras, recorders, devices found in “smart homes” like appliances or anything else with an online connection.
The botnet was used to target the Playstation network on October 21, 2016, with the goal of knocking it offline for an extended period of time with a DDoS, or “distributed denial of service” attack, which hackers often use to crash website access for legitimate users by overwhelming a site with massive amounts of traffic sent from multiple sources.
The impact of the attack was not limited to Playstation because it focused on a domain name resolver, a computer used to process internet addresses, that was used by multiple entities. In addition to Sony, sites owned by Twitter, Amazon, PayPal, Netflix, Tumblr and Southern New Hampshire University were also blocked or only intermittently accessible for several hours.
The attack resulted in financial damages to all those affected, with Sony estimating a loss of $2.7 million in net revenue. In addition to the Playstation attack, officials say that the hacker and unspecified co-conspirators participated in several other attacks on computers, “specifically targeting those belonging to online gamers or gaming platforms,” between 2015 and November 2016. McCafferty is expected to issue a sentence to the guilty individual on January 7.
The case was investigated by the FBI and prosecuted by attorneys from the Computer Crime and Intellectual Property Section of the Justice Department’s Criminal Division and the U.S. Attorney’s Office for the District of New Hampshire. Although no additional details were available, the case likely included individuals or entities from abroad since the investigation was aided by the National Crime Agency and Police Service of Northern Ireland.
Potential security issues involving IoT devices have been an ongoing concern in the U.S. and elsewhere for several years. Last week, President Donald Trump signed a bipartisan bill, the Internet of Things Cybersecurity Improvement Act, which mandates minimum security standards for IoT devices operated or owned by the federal government.
Newsweek reached out to the U.S. Attorney’s Office for the District of New Hampshire for further information and comment.
This article originally appeared on newsweek.com To read the full article and see the images, click here.
Nastel Technologies helps companies achieve flawless delivery of digital services powered by middleware. Nastel delivers Middleware Management, Monitoring, Tracking and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s Navigator X fuses:
- Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
- Raw information handling and analytics speed
- End-to-end business transaction tracking that spans technologies, tiers, and organizations
- Intuitive, easy-to-use data visualizations and dashboards
Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT and many more.
The Nastel i2M Platform provides:
- Secure self-service configuration management with auditing for governance & compliance
- Message management for Application Development, Test, & Support
- Real-time performance monitoring, alerting, and remediation
- Business transaction tracking and IT message tracing
- AIOps and APM
- Automation for CI/CD DevOps
- Analytics for root cause analysis & Management Information (MI)
- Integration with ITSM/SIEM solutions including ServiceNow, Splunk, & AppDynamics