More than four years after the Dyn cyberattack in 2016, we have a better idea of who was behind one of the most disruptive DDoS attacks in internet history. This week, the Justice Department announced a guilty plea from an individual who took part in the attack. Due to the fact they were under the age of 18 when they committed the crime, the agency didn’t share their identity. But it did reveal that between 2015 and November 2016, this person conspired with others to build out botnets. Using the infamous Mirai malware, they infected countless computers and IoT devices for the purpose of carrying out distributed denial of service attacks.
Their criminal activities culminated on October 21st, 2016, when they used their botnet to launch a DDoS attack against Sony’s PlayStation Network. In the process, they ended up affecting Dyn, one of the largest domain name service (DNS) providers in the US. When Dyn went down, most of the internet went down with it too. And across the US and parts of Europe, major websites like Amazon, GitHub, PayPal, Reddit and Twitter weren’t accessible for much of the day. The financial fallout of the attack was significant, with Sony estimating it lost about $2.7 million in revenue the day of the attack.
At the time, groups like Anonymous and New World Hackers said they were responsible for the attack, but offered little in the way of evidence to support those claims. The Justice Department didn’t say if this person was involved in any group, but did offer a small tidbit of information about their motive. In creating a botnet, their goal was to apparently target computers “belonging to online gamers or gaming platforms.” Their sentencing is scheduled for January 7th, 2021.