National Security

Internet outages in West Africa raise fears that hackers are testing their weapons

Liberia was last in the news when Ebola swept the nation. Now digital hackers are targeting the West African country.
Liberia was last in the news when Ebola swept the nation. Now digital hackers are targeting the West African country. TNS

Brief internet outages this week in Liberia have captured the attention of cybersecurity researchers around the world, who fear the small West African nation has become a testing zone for global hackers.

Punishing digital attacks sent all of Liberia offline for short, intermittent periods, often barely a second. One cybersecurity researcher said the attacks were “weapon testing” and might signal that hackers were preparing a much larger, similar attack in Europe or North America.

The hackers employed a now-free weapon called Mirai, which harnesses thousands of internet-connected devices – such as baby monitors, home routers and closed-circuit cameras – and turns them into zombie digital soldiers in a “botnet” army that fires digital signals and overwhelms servers with traffic, grinding internet service to a halt.

Hackers used the same malicious tool to yoke together about 100,000 infected devices for an attack Oct. 21 on a New Hampshire-based internet backbone company, Dyn, that knocked Amazon, Twitter, Netflix, Airbnb, Reddit, Spotify and dozens of other companies off the internet for part of a day. That crippling attack using the so-called “Internet of Things” signaled a new era of low-cost malicious assaults.

Among the first to highlight the attacks on Liberia was a U.K.-based cybersecurity architect, Kevin Beaumont, who wrote in a blog post Thursday: “The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”

The malicious code dubbed Mirai, which means “the future” in Japanese, was released on hacker forums last summer, enabling any hacker to assemble a botnet to conduct attacks.

Following Beaumont’s warning, other researchers banged the drums of alarm.

“This is a full blown attack designed to interrupt the operations of a foreign government. How can that not be considered a weapon?” Morey Haber, a security strategist with BeyondTrust, a Phoenix-based company that develops secure computer management products, wrote in a blog post Friday.

Another security specialist, Thomas Pore of Plixer, a company that helps clients detect suspicious computer activity, warned that the Liberia attack is only an initial salvo.

“Perhaps Liberia is just the testing ground for something larger. If Botnet #14 is ‘weapons testing’ with Liberia, it’s possible that the USA will see a massive sustained outage of over 4 hours before the end of the year,” Pore said in a statement sent to McClatchy.

Liberia is connected with the rest of the world through an undersea fiber cable built in 2011. The cable network links 21 countries in the Middle East, Africa and Europe.

Beaumont gave the botnet the name “Shadows Kill” and said the hackers were firing up to 500 gigabits per second of traffic at the servers of two Liberian firms that co-own access to the undersea cable.

Researchers fretted that Mirai is letting hackers expose nations, and maybe even continents, to the risk of digital disruption.

“While this maybe is just another test of the botnet itself (I doubt it – but it could be), it has now been proven that the results can be devastating to a nation and provides a glimpse of how it can be used in even larger-scale attacks to potentially knock out entire continents off the grid,” Haber wrote in his blog post.

Tim Johnson: 202-383-6028, @timjohnson4