In October 2017, we published a report on the Liberian hacking attack against Lonestar, MTN’s Liberian subsidiary. Last week a British court gave the hacker a jail sentence and revealed which company paid for the hack. Russell Southwood updates the story and looks at future implications.
The hacker Daniel Kaye (who called himself Spiderman) was a British citizen who was educated in Israel. However, he was a self-taught hacker and this proved to be his undoing. The self-taught hacker was paid £30,000 by a rival company to disrupt Lonestar’s services between October 2016 and February 2017.
In court to face charges for these actions, Kaye, from Egham, Surrey, pleaded guilty to two offences under the Computer Misuse Act and to one charge of possessing criminal property and was sentenced to a total of 32 months in prison.
According to the UK prosecutor, Kaye made a rolling arrangement with a third party who worked for Cellcom under which he was paid 30,000 US dollars (£23,000) between late 2015 and early 2016.
The self-taught hacker adapted an existing virus to create a botnet variant called Mirai #14, whose purpose was to trigger DDoS assaults on internet networks using different devices which he was then able to control. The devices became a “conduit for the attack upon the Lonestar servers” with the effect of “overwhelming it with the sheer number of connections”. According to the prosecutor, Lonestar’s servers collapsed and “couldn’t operate properly”.
The court heard that the company estimated its revenue dipped from 84 million US dollars (£65.3 million) to 17 million US dollars (£13.2 million) between October 2015 and February 2016. The company also had to spend US$600,000 repairing the damage after the attack.
There were two things that tripped up hacker Kaye and he might otherwise have got away with what he did. Firstly, the DDoS attack was designed in such a way that it inadvertently caused Deutsche Telekom’s users to lose their internet connections. According to the UK Guardian, it took control of 900,000 routers and denied 1.25 million customers internet access. It also affected the Cologne water treatment facility and other telephony systems. As a result, German prosecutors charged him and in July 2017 he admitted in court that he was acting for a Liberian client.
Secondly, he was a British citizen and the UK’s National Criminal Agency worked with international agencies (including the Germans and Cypriots) to bring him to justice. He was living in Cyprus when the attacks were carried out. However, Kaye was arrested at Heathrow Airport in London in February 2017 under a European Police Warrant in relation to interference with the systems of Deutsche Telekom. He was found to be carrying 10,000 US dollars (£7,800) in cash, which was part of what he had been paid for his work against Lonestar. A mobile phone was also seized which contained a “Mirai monitor” that showed Kaye’s code connecting to hundreds of thousands of devices. Kaye was convicted in Germany of attempted computer sabotage and given a sentence of one year and eight months, suspended for three years.
If the hacker had not been an EU citizen and the DDoS attack had not affected Germany then it is highly likely that both the hacker and Cellcom would have got away with this crime. There is almost no capacity in countries like Liberia to carry out prosecutions of hackers.
Furthermore, it appears that Cellcom will escape punishment. Cellcom is described as “an affiliate” of Israel-based LR Group that is owned by Ami Lustig and Roy Ben Yami. Again it describes itself as specialising in financing, managing, developing, producing, and maintaining medium and large scale national projects in high-growth economies all over the world. Orange agreed to buy the Liberian company in January 2016 and concluded the deal in April 2016. Cellcom still owns and operates Cellcom Guinee.
It might be argued that an individual Cellcom manager took it upon him or herself to commission the hacker, but it seems unlikely (though maybe not impossible) that an individual manager would pay US$30,000 out of their own pocket to do this.
There is every possibility that this kind of DDoS attack against a commercial rival might be commissioned again, or be commissioned by a rogue state, and the industry needs to implement protective measures for itself and its consumers. African governments also need to acquire a greater capacity to pursue cyber-criminals.