The U.S. government is still trying to figure out who carried out the massive cyberattack that crippled popular websites around the globe last week, but “preliminary” evidence indicates it was not done by a government.
But there are clues.
On Tuesday, Director of National Security James Clapper told the Council on Foreign Relations that “preliminary results” show “a non-state actor” carried out Friday’s attack.
Flashpoint, a private intelligence firm that specializes in cybersecurity, thinks the attacker is “likely connected to the English-language hacking forum community” that hangs out at HackForums.net. It’s a hot spot for people who are interested in video games.
Flashpoint researchers on Tuesday pointed out one particular hacker who appears on that forum and operates under the online name “Anna-Senpai.” They noted that this person released the source code for Mirai, the superweapon involved in Friday’s attack, in early October.
The same machines used in the latest attack were also once used to attack a major video game company, Flashpoint asserts.
“The hackers that frequent this forum have been previously known to launch these types of attacks, though at a much smaller scale,” Flashpoint said in a written briefing to reporters.
Security experts say the attack Friday infected hundreds of thousands of devices in people’s homes, such as webcams and digital video recorders, and used them to help bring down major sites like Twitter and Netflix.
The perpetrators caused widespread disruption by bombarding a key backbone of the internet with so much traffic that it impaired normal service, a method known as a denial of service attack.
The target, U.S.-based company Dyn, works as a middleman to make sure that when you type in a URL like twitter.com, you get to the correct site.
As a result, throughout the day Friday many users were unable to connect to widely used platforms like Twitter, Netflix, Spotify and the Financial Times in various parts of the U.S. and Europe.
The FBI said Friday that it was “investigating all potential causes of the attack,” and the U.K.’s Home Office said it was looking into the matter.
No groups have claimed responsibility — and Obama’s comment late Monday suggested little progress has been made on pinpointing who might be behind the online assault.
The methods used in Friday’s attack were very similar to those deployed against the website of cyber researcher Brian Krebs last month and French internet service provider OVH, according to Flashpoint. It’s unknown if the attacks are related.
While DDoS attacks are nothing new, research shows they’re becoming increasingly sophisticated and frequent.
Friday’s cyber-blitz demonstrated how vulnerable the internet’s infrastructure still is to these types of bombardments — and how seemingly innocuous household devices can be turned into online weapons.
“What is true is that we are all connected. We’re all wired now,” Obama told Kimmel on Monday.
“One of the biggest challenges for the next president and the president after that and the president after that is going to be how do we continue to get all the benefits of being in cyberspace but protect our finances, protect our privacy,” he said.
— Kevin Liptak and Samuel Burke contributed to this report.