Hacker Pleads Guilty to Building Internet-of-Things Army for Cyberattacks

A young hacker has admitted to attempting to take down Sony’s Playstation Network gaming platform by hijacking “internet of things” (IoT) devices after reaching a plea deal with federal prosecutors.

Judge Landya B. McCafferty, chief judge for the U.S. District Court for the District of New Hampshire, accepted the hacker’s guilty plea on computer fraud and abuse charges during a closed door hearing, according to a Wednesday news release from the Department of Justice. Because the individual was a juvenile at the time of the offense, their identity is being withheld in accordance with the Juvenile Delinquency Act.

Officials say that the hacker conspired with others to create a “botnet” by taking control of unspecified IoT devices—items that can include video cameras, recorders, devices found in “smart homes” like appliances or anything else with an online connection.

The botnet was used to target the Playstation network on October 21, 2016, with the goal of knocking it offline for an extended period of time with a DDoS, or “distributed denial of service” attack, which hackers often use to crash website access for legitimate users by overwhelming a site with massive amounts of traffic sent from multiple sources.

'Internet of Things' Hacker Pleads Guilty
This image illustrates mobile controls for a “smart home,” which can include some of the online devices that form the “internet of things.”

The impact of the attack was not limited to Playstation because it focused on a domain name resolver, a computer used to process internet addresses, that was used by multiple entities. In addition to Sony, sites owned by Twitter, Amazon, PayPal, Netflix, Tumblr and Southern New Hampshire University were also blocked or only intermittently accessible for several hours.

The attack resulted in financial damages to all those affected, with Sony estimating a loss of $2.7 million in net revenue. In addition to the Playstation attack, officials say that the hacker and unspecified co-conspirators participated in several other attacks on computers, “specifically targeting those belonging to online gamers or gaming platforms,” between 2015 and November 2016. McCafferty is expected to issue a sentence to the guilty individual on…