Lonestar Cell MTN rekindles hacking case

Authorities at Liberia’s leading GSM Company Lonestar Cell MTN have begun contemplating plans to launch legal proceedings against Cellcom and Orange Liberia Inc., in relation to the cyber-attack carried out against the company in 2016.

The move comes as the U.S. Justice Department on Wednesday arraigned notorious hacker  Daniel Kaye for alleged connections to The Real Deal, a dark web market that sold hacking tools and stolen login credentials for U.S. government computers.

Kaye admitted being hired by a Cellcom operative to launch a cyber-attack on Lonestar in 2016, the BBC reports.

Kaye along with Mr. Avishai Marziano, a former Cellcom Telecommunications Limited Chief Executive and Mr. Ran Polani were scheduled to face trial in an English Commercial court in 2019.

In a statement issued at the time, a copy of which was sent to this paper via email, Lonestar Cell MTN confirmed the proceedings against Kaye, saying that it has provided a business impact statement in criminal proceedings against the Briton.

According to the statement which was signed by the company’s Deputy CEO & Head of Corporate Services, Ms. Laureine Guilao, the cyber-attack was a targeted and sustained act of industrial sabotage designed to disrupt Lonestar’s business and that of its customers, so as to advantage Lonestar’s competitors.

“The attack caused considerable damage to Lonestar’s business and disruption to our customers in Liberia. In those circumstances, Lonestar Cell MTN and MTN Group considered it was appropriate and indeed important to provide a business impact statement to explain the impact of the cyber-attack on Lonestar,” the statement added.

Liberia has two major GSM companies operating in the country competition for the 4.5 million people here. In 2016, CELLCOM and Lonestar Cell MTN were the only two companies operating here until the former sold its network to Orange Liberia Inc.

The British cyber-criminal, Kaye admitted attacking Lonestar Cell MTN network something which inadvertently ended up crashing Liberia’s internet – in 2016, according to the BBC.

Kaye remains at the heart of a major international investigation into hundreds of acts of cyber sabotage around the world. The National Crime Agency says Kaye is perhaps the most significant cyber criminal yet caught in the UK.

Kaye was jailed for 32 months at Blackfriars Crown Court in London.  Judge Alexander Milne QC said at the time that Kaye had committed a “cynical” financial crime. He added: “Paradoxically, what is urged on your behalf is that you are an intelligent young man who knows what your powers can do.” But that makes it all the more worrying that you used your abilities to carry out this attack.”

Kaye was hired in 2015 to attack Lonestar, Liberia’s leading mobile phone and Internet Company, by an individual working for Cellcom, its competitor.

There is no suggestion that Cellcom knew what the employee was doing – but the individual offered Kaye up to $10,000 (£7,800) a month to use his skills to do as much as possible to destroy Lonestar’s service and reputation.

Robin Sellers, prosecuting, told Blackfriars Crown Court at the time that in November 2016 Kaye had built a “botnet” – a particularly powerful form of cyber-attack that is designed to overwhelm a target’s systems, making it impossible to carry out normal business. This type of attack is known as a Distributed Denial of Service (DDOS). It is different to a ransom demand that locks up systems, such as the “Wannacry” attack on the NHS.

What did Kaye’s botnet do?

The weapon, known as “Mirai #14” worked by secretly hijacking a vast number of Chinese-made Dahua webcams, which are used for security in homes and businesses around the world.

He identified that the cheap cameras and other similar equipment had a security flaw – and he exploited that to take over the devices without owners knowing.That meant he could turn them into what amounted to a “zombie” cyber army to attack his target.

In November 2016, working secretly out of Cyprus and controlling the botnet via his mobile phone, Kaye ordered it to overwhelm Lonestar’s systems. On his command, hundreds of thousands of the webcams began firing data requests at Lonestar Cell MTN.The system began to struggle to manage the demands and parts of the infrastructure crashed.

He then tried to pull in additional firepower by sending further attacks from Germany, where he had sought to hijack part of Deutsche Telekom’s national infrastructure. Researchers found that at the peak of the attack, the Mirai #14 code had compromised about one million devices worldwide.

In Liberia, mobile phone users began to see their devices go offline. The company called in cyber security consultants who attempted to repel the attack, but by that point it was too late because the botnet ran out of control. The National Crime Agency spearheaded the investigation

 What charges did Daniel Kaye admit?

Making the Mirai #14 botnet for use in a Computer Misuse Act 1990 offence Launching cyber-attacks against Lonestar in Liberia – another crime under the Computer Misuse Act Possessing criminal property – relating to $10,000 found on him when he was arrested.

At the time, Liberia’s internet was dependent on both a small number of providers and a relatively limited Atlantic cable. European nations, by comparison, have a vastly more secure internet because traffic can reach users through many different connection routes.

Kaye had sent so much traffic at Lonestar, the entire national system jammed. According to investigators, the country’s internet repeatedly failed between 3 November and 4 November 2016 – disrupting not just Lonestar but organisations and ordinary users up and down the state.

This is believed to be the first time that a single cyber attacker had disrupted an entire nation’s internet – albeit without intending to do so.Hack attacks cut internet access in Liberia In written submissions to the court, Babatunde Osho, Lonestar’s former chief executive, said Kaye’s criminality had been devastating.

“The DDOS perpetrated by Daniel Kaye seriously compromised Lonestar’s ability to provide a reliable internet connection to its customers,” said Mr Osho.” In turn, Mr Kaye’s actions prevented Lonestar’s customers from communicating with each other, obtaining access to essential services, and carrying out their day-to-day business activities.

“A substantial number of Lonestar’s customers switched to competitors. “In the years preceding the DDOS attacks, Lonestar’s annual revenue exceeded $80m (£62.4m). Since the attacks, revenue has decreased by tens of millions and its current liabilities have increased by tens of millions.”

How did investigators catch Kaye?

Kaye was already suspected of being behind the attack – and he was arrested when he returned to the UK on holiday in February 2017.

He was carrying $10,000 which the National Crime Agency says was part of the payments he received for the Lonestar attack.