Investigation Into Suspected Actors Behind U.S. DDoS Attacks

In the wake of DDoS attacks against major U.S. websites such as Twitter, Amazon, Netflix, and Spotify – platforms serving a vast user base – speculation has risen around the potential perpetrators behind this sweeping digital disruption. Given recent U.S. government accusations concerning Russian interference with the U.S. election through hacking the Democratic Party’s emails, one might question whether this could be Russia’s attempt to destabilize key internet companies.

The aim of this article is to shed light on speculation and consider the possible threat actors.

Russia

Russia has previously been implicated in “Fancy Bear” cyber attacks against governmental and private targets in the West. One notable example includes the hack of the World Anti-Doping Agency database, ostensibly focused on unearthing health record data of American athletes. Many speculate that this may have been an attempt to expose use of performance-enhancing drugs among U.S. athletes in retaliation for doping accusations against Russian athletes. The nature of these attacks suggest a high level of sophistication, leading some experts to infer they originate from a state-backed entity—predominantly pointing towards Russia.

North Korea

Remember when North Korea was said to have hacked Sony over a contentious film, “The Interview,” that they found offensive? The incident, culminating in Sony withdrawing the film from theaters in response to threats, brought the secluded Asian country into the cyber crime limelight. The incident resonated keenly with U.S. corporations, prompting then President Barack Obama to pronounce that the U.S. would stand against such threats. Interestingly, shortly after the Sony debacle, North Korea’s internet temporarily crashed, stirring speculation that it was U.S retaliation, though this was never confirmed. Given historical precedent, it’s not completely farfetched to postulate North Korea’s role as a possible suspect in the current round of DDoS attacks.

China

China, per some perspectives, might be seen as the least probable suspect. Despite an extended history of accusations and counter-accusations of economic espionage between the U.S. and China, the two nations reached an understanding in 2015. Both countries publicly disavowed any direct or indirect support of cyber theft of intellectual property. Since then, U.S. reports suggest a significant decline in Chinese-originated cyber attacks against American interests, making China an improbable origin of the current DDoS attacks.

Individuals

Given the regional focus of this attack, it’s possible that a smaller group of individuals or a non-state actor conducted it. One could argue that a nation-state with significant cyber capabilities might aim for a larger, statewide disruption, rather than focusing on a limited geographic area. However, this can only be speculative without further concrete evidences.

While intermittent attacks continue against some of these domains, internet management company Dyn reports progress in resolution efforts. Now with the U.S. government stepping into the investigation, we need barely wait for definitive conclusions. The cybersecurity community, no doubt, eagerly awaits the unveiling of these digital functionaries.

The current article offers possible suspects and is informative but remains speculative pending further investigation.