A young hacker has admitted to attempting to take down Sony’s Playstation Network gaming platform by hijacking “internet of things” (IoT) devices after reaching a plea deal with federal prosecutors.
Judge Landya B. McCafferty, chief judge for the U.S. District Court for the District of New Hampshire, accepted the hacker’s guilty plea on computer fraud and abuse charges during a closed door hearing, according to a Wednesday news release from the Department of Justice. Because the individual was a juvenile at the time of the offense, their identity is being withheld in accordance with the Juvenile Delinquency Act.
Officials say that the hacker conspired with others to create a “botnet” by taking control of unspecified IoT devices—items that can include video cameras, recorders, devices found in “smart homes” like appliances or anything else with an online connection.
The botnet was used to target the Playstation network on October 21, 2016, with the goal of knocking it offline for an extended period of time with a DDoS, or “distributed denial of service” attack, which hackers often use to crash website access for legitimate users by overwhelming a site with massive amounts of traffic sent from multiple sources.
The impact of the attack was not limited to Playstation because it focused on a domain name resolver, a computer used to process internet addresses, that was used by multiple entities. In addition to Sony, sites owned by Twitter, Amazon, PayPal, Netflix, Tumblr and Southern New Hampshire University were also blocked or only intermittently accessible for several hours.
The attack resulted in financial damages to all those affected, with Sony estimating a loss of $2.7 million in net revenue. In addition to the Playstation attack, officials say that the hacker and unspecified co-conspirators participated in several other attacks on computers, “specifically targeting those belonging to online gamers or gaming platforms,” between 2015 and November 2016. McCafferty is expected to issue a sentence to the guilty individual on January 7.
The case was investigated by the FBI and prosecuted by attorneys from the Computer Crime and Intellectual Property Section of the Justice Department’s Criminal Division and the U.S. Attorney’s Office for the District of New Hampshire. Although no additional details were available, the case likely included individuals or entities from abroad since the investigation was aided by the National Crime Agency and Police Service of Northern Ireland.
Potential security issues involving IoT devices have been an ongoing concern in the U.S. and elsewhere for several years. Last week, President Donald Trump signed a bipartisan bill, the Internet of Things Cybersecurity Improvement Act, which mandates minimum security standards for IoT devices operated or owned by the federal government.
Newsweek reached out to the U.S. Attorney’s Office for the District of New Hampshire for further information and comment.