FBI and Homeland Security ‘urgently investigating’ whether AT&T outage was a CYBERATTACK – as security expert tells DailyMail.com it has all hallmarks of a hack
Federal agencies are “urgently” investigating whether the massive mobile outage that plagued Americans on Thursday was a cyber attack.
The Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) are looking into what disrupted service at AT&T, Verizon, T-Mobile and a dozen other wireless carriers.
Although the agencies did not share details, a security expert told DailyMail.com that the outage has hallmarks of a hack.
Lee McKnight, an associate professor at Syracuse University in New York, said the widespread nature resembled “a massive Distributed Denial of Service (DDOS) attack on the core infrastructure of the Internet.”
This type of attack attempts to crash a website or online service by bombarding it with a flood of unnecessary requests at the exact same time.
The surge of simple requests overloads the servers, causing them to become overwhelmed and shut down.
McKnight, who is also affiliated with the Institute for National Security and Counterterrorism (INSTC), noted that DDOS is becoming a popular attack among cybercriminals.
He was referring to the 2016 event where the Mirai botnet took down sites like Netflix, Twitter, Amazon and PayPal.
“Some of these were launched by – kids for fun – others by malicious actors, for example on Taiwanese government websites when Nancy Pelosi flew there (hmm, wonder who),” McKnight said.
“The reality is that you can’t rent DDOS attacks by the hour on the Dark Web, so who exactly is behind them may never be fully known/attributed. DDOS stressers and booters are a thing.”
The professor had speculated that a cloud misconfiguration could be the culprit, meaning the outage was caused by human error.
“A large cloud service provider like AWS or Azure experiencing an outage in one of their data centers is possible, but in my opinion less likely to be the cause,” McKnight said.
“Back to the other services that are declining: for example, if AT&T’s business services were the main business partner of other companies, their problems would also affect their customers; at least until they could move the traffic to a possible backup service provider.
“But again, this is speculation with limited information; and the first usual suspect remains human error/cloud misconfiguration.”
Cloud misconfigurations are gaps, errors, and vulnerabilities that occur when security settings are poorly chosen or completely neglected.
Such errors can disrupt a system’s performance or leave the cloud open to infiltration by adversaries.
This issue allowed Russia and China to “attack Google” in 2018.
Data from users around the world was intercepted by servers in Nigeria, China and Russia, including those of major state-owned telecommunications providers.
However, it is unknown whether hackers took advantage of Thursday’s outage.
DownDetector’s outage map highlights New York, Boston, Washington, Montreal, Honolulu, Atlanta, Houston, Dallas, Los Angeles, Seattle and San Francisco as hot spots with disrupted service.
Cloud misconfiguration can happen in several ways, such as by leaving default settings unchanged.
Some call unchanged defaults a “basic error,” made by someone working with systems who has not changed the default usernames and passwords.
Another is to ignore logs that collect information about system security vulnerabilities, unauthorized access, breaches, and other related items.
If the logs are not reviewed in a timely manner, the staff working on the system end up with a backlog of issues that are difficult to correct.
However, it’s unclear what type of cloud misconfiguration caused the outage or even if that was the problem.
AT&T has suffered data breaches over the past year, one of which affected nine million people in March.
In 2023, Ukraine’s main mobile service, Kyivstar, was hit by a cyberattack that knocked out services for half the population, damaged IT infrastructure and put millions of people at risk of not receiving warnings about possible Russian airstrikes.
But in the US, most hacks stole data and didn’t cause a mobile blackout.
AT&T fell victim to a solar flare in 1972 that disrupted landline service.
The storm that hit Earth was compared to the 1859 event known as the Carrington Event, which saw the most intense geomagnetic storm in history.
If such a solar storm were to occur in today’s world, the consequences would be catastrophic for our communications systems.
A meteorologist shared online Thursday that a solar flare had erupted from the sun around midnight, noting that the “timing is interesting.”
“Yes, a strong solar flare was reported around midnight. But does this have to do with the mobile phone interference? Not impossible and the timing is interesting, but I’m not sure we can say that yet,” said Justin Horne of Texas-based KSAT 12 on X.
However, the National Oceanic and Atmospheric Administration website showed that a radio outage occurred on the eastern side of Africa and below Asia.
A solar flare ionizes the lower levels of the atmosphere, which causes interference to long-range radios used by commercial airlines, military groups, and government agencies.
The outage, which appeared around 4 a.m. ET, left many iPhones in SOS mode, preventing them from making calls, sending messages or surfing the Internet.
“SOS Only” appears in the top right corner of the Control Center with the latest iOS software and in the top left corner in previous versions.
However, you can make SOS emergency calls to the authorities.
Some mobile networks appear to be coming back online, but that still leaves many asking the million-dollar question about what caused the massive outage.