Briton sentenced for huge cyber attack on Liberian telco

Operating out of Cyprus, this hacker-for-hire knocked the entire country's internet offline - thought to be world first

Graphic of a cyber criminal or hacker

A British cyber criminal hired by a Liberian telco has been jailed for 32 months in the UK for unleashing targeted DDoS attacks against another rival telco in 2016.

Being paid a monthly retainer by Cellcom, Daniel Kaye used a Mirai botnet which harnessed unsecured webcams to inundate Lonestar, the rival telco, with unsustainable levels of traffic which at its peak, caused the entire country's internet to go down.

Legal or not, it was definitely effective. Lonestar claimed its inability to provide service to its customers resulted in the loss of tens of millions of dollars as customers left the network. The telco also spent a further $600,000 in remedial action to prevent further attacks.

Kaye also hacked Deutsche Telekom's infrastructure to transmit some of the traffic to Lodestar.

After his spell in Cyprus where hs was based during his freelance Liberian attacks, Kaye returned to the UK in February 2017 and was arrested carrying $10,000 on his person, a sum which was part of the payments he received from Cellcom.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The National Crime Agency by this time had already linked him to the unsuccessful attack on three British banks - Lloyds, Barclays and Halifax - in January 2017 but Kaye claims he loaned out the botnet on the dark web during this time. These charges were later formally dropped.

Germany wanted Kaye extradited to face punishment there for hacking and misusing its infrastructure but instead, he faced the stronger charges for his crimes in Africa.

Kaye was tried and sentenced in the UK because British law (Computer Misuse Act 1990) allows a cyber criminal to prosecuted for an offence anywhere in the world.

Kaye is believed to be the first cyber criminal to bring down an entire nation's internet and as a result, "a substantial number of Lonestar's customers switched to competitors", said Babatunde Osho, Lonestar's former chief executive in written submissions to the court.

"In the years preceding the DDoS attacks, Lonestar's annual revenue exceeded $80m (62.4m). Since the attacks, revenue has decreased by tens of millions and its current liabilities have increased by tens of millions."

Advertisement - Article continues below

"Daniel Kaye was operating as a highly skilled and capable hacker-for-hire," said Mike Hulett, head of operations at the National Cyber Crime Unit. "His activities inflicted substantial damage on numerous businesses in countries around the world, demonstrating the borderless nature of cyber crime.

"Working in collaboration with international law enforcement partners played a key role in bringing Daniel Kaye to justice."

"The fact that he was caught and brought to justice shows some of the value of continued cooperation with our European counterparts in tackling cybercrime on a cross-border basis," said Paul McKay, senior analyst at Forrester. It is a rare example of a successful prosecution of a cybercriminal in an area where criminal attribution and bringing individuals to court to face prosecution is notoriously difficult."

Kaye was unsuccessful in the UK, but the botnet was so effective in Africa because Liberia's internet at the time was only provided only by a few telcos, relying on limited Atlantic cable which isn't as secure as modern European internet as traffic can reach users through more routes.

According to investigators, Liberia's internet was repeatedly downed between November 3 and November 4 2016 disrupting not just Lonestar but organisations and ordinary users up and down the state.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020