Last month, the internet was under siege by the so-called “internet of things.” A botnet of hacker-controlled webcams, DVRs, routers, and other vulnerable, unsecured devices was used to take down major sites like Spotify, Amazon, Netflix, PayPal, Twitter, and Reddit.
You likely heard about this October 21st distributed denial of service attack which involved tens of millions of IP addresses, or even experienced it firsthand when you discovered that the sites and services you commonly use were not available. Here’s what you might not have heard about: The same group of hackers is largely believed to be targeting Liberia’s fragile internet.
According to BBC News, the Liberia hacks began November 3rd. Experts believe that the same group is responsible and is using a variant of the Mirai source code, which is freely available, to build a powerful — and huge — botnet, currently dubbed botnet#14.
What is a Botnet?
A botnet is a network of vulnerable, internet-connected devices that have been commandeered by hackers. Botnets typically consist of computers, but with the proliferation of connected devices like webcams and even light bulbs, they’ve expanded to include other devices.
While some of us may protect our computers with antivirus software and take other security measures to secure them, security features are virtually non-existent for the other devices out there. They come with default passwords, which most of us just accept. Hackers take advantage of this and infect them with malware. With a massive amount of devices at their beck and call, hackers can carry out a distributed denial of service attack.
What is a Distributed Denial of Service Attack?
A DDoS attack involves a network of devices, each sending requests to a server — all at once. On its own, each bogus request has minimal impact and would be dealt with accordingly. But scaled, with a huge number of simultaneous requests coming from a massive number of devices scattered around the globe, the targeted server quickly becomes overwhelmed. All of its resources are spent dealing with the influx of bogus requests. Traffic comes to a screeching halt and all other legitimate visitors and users cannot be handled.
How Liberia Gets Internet Access
A single undersea cable brings broadband internet access to Liberia. Can you imagine if that one cable were to be severed? The hackers apparently have, and they appear to be targeting the companies that own or control it. While such attacks would not physically cut the cable, a large DDoS attack could have the same effect, cutting off Liberia’s entire internet.
Why Target Liberia?
After the first global attack, experts were left scratching their heads wondering what the hackers were trying to accomplish. An after-action analysis posted on Flashpoint discounts what it calls “dubious claims of responsibility” and suggests that the original Mirai DDoS attack in October might have been the work of a hacking forum community, perhaps as a means of trolling or showing off.
But what about Liberia, one of the world’s poorest nations? Bragging rights, perhaps. Taking down an entire nation certainly has its own brand of credibility in the cyber underworld. However, security experts are legitimately worried. An article in the Portland Press Herald quoted Thomas Pore of Plixar as saying:
“Perhaps Liberia is just the testing ground for something larger. If Botnet #14 is ‘weapons testing’ with Liberia, it’s possible that the USA will see a massive sustained outage of over 4 hours before the end of the year.”
Indeed, that is ominous for the United States, but again, what about Liberia? The November series of DDoS attacks targeting Liberia is ongoing, and it’s impacting the country’s telecom providers (which, in turn, impacts the people and businesses of Liberia).
For example, Lonestar Cell MTN, one of the country’s three major telecommunication companies, reported that it had experienced “unprecedented and repeated cyber-attacks in the form of Distributed Denial of Service from hackers.” Lonestar also points fingers at its competitors for sponsoring the attacks, and described the experience as “…profoundly disturbing to find its competitors treading on such unorthodox practice that could have far-reaching national security and economic implications.”
In its press release, Lonestar urged Liberian authorities to immediately investigate these attacks because they have the potential to affect financial institutions, they amount to economic sabotage, they are undermining government revenue, and they are denying subscribers from receiving services. The company also urged the Liberia Telecommunications Authority to ensure that Liberia joins AfricaCERT, an organization committed to promoting cyber security in Africa.
The last few weeks have shown that Liberia has a long way to go from a technology standpoint. Though it’s making headlines now, this is not actually news. The players and devices may be new, but experts have been concerned about science and technology in developing countries for decades.
For example, Presidential Review Memorandum #33, Science and Technology in Developing Countries was first published in 1978 during the Carter administration and later declassified in 1993. Despite its age, this document is still relevant today. It discusses the need for science and technology in terms of the greater good for these countries such as food production, infrastructure improvements, economic gains, and employment opportunities. It also talks about the United States’ developmental, economic, and security interests in the technology choices adopted by developing countries.
Another issue mentioned in PRM #33 is brain drain. Developing nations have a tendency to push professionals out due to issues such as low pay, lack of satisfying work, poor working conditions, lower standard of living, etc… Meanwhile, developed countries pull professionals out with higher pay, more satisfying work, better working conditions, higher standards of living, etc. In other words, the opposite, and much more attractive, factors.
In 1999, Issues in Science and Technology featured an article by F. M. Scherer, an Aetna Professor of Public Policy and Corporate Management at the John F. Kennedy School of Government at Harvard University, titled “Global Growth through Third World Technological Progress.” In the article, the author pondered the following:
”How can the pace of technological advance be maintained, and how can the benefits of improved technology be distributed more widely to low-income nations, in which most of the world’s inhabitants reside?”
He proposed the allocation of “substantial financial resources toward building and supporting a network of energy technology research, development, and diffusion institutes in the principal underdeveloped regions of the world.” This allocation of resources would be led by the United States and Europe with an initial focus on the transfer of existing energy-saving technologies before moving to research and development — and innovation, much like how Japan built on Western technologies and pioneered their own methods after World War II.
While some of Scherer’s proposals may be happening in some parts of the world, in Liberia, foreign direct investment has been sporadic over the years, with wild swings. According to the US Department of State, Liberia is open to FDI, yet there are substantial barriers such as one of the world’s poorest business climates, due in large part to the lack of electricity, limited road networks, and difficulties in accessing finance for SMEs.
As it stands now, internet access is opening doors to Liberians ever so slightly, but it is at risk from hackers and lack of investment. The same is true of basic services like electricity, water, and sanitation. Science and technology can solve many of these problems, but not without an investment.
Investing in science and technology in Liberia is a must from several standpoints: security, quality of life, infrastructure improvements, economic opportunities, professional development (and preventing brain drain), innovation, and Liberia’s future wellbeing.
We’ve known this for decades, and while we do not condone the DDoS attacks on Liberia by any stretch of the imagination, they could be the wakeup call Liberia and the world needs to hear in order to finally take action and invest in science in technology in Liberia.
Featured photo by SparkFun Electronics