Lonestar wins just under $4.5m for Orange cyber attacks

Liberian telecoms company Lonestar Communications Corporation LLC (Lonestar) has won its claim against fellow telecoms company Cellcom Telecommunications Limited (Cellcom) (and Orange Liberia, who acquired Cellcom Liberia during the period of the attacks) in relation to a series of Distributed Denial-of-Service (DDoS) attacks carried out against Lonestar in Liberia at the instigation of Cellcom’s CEO.

DDoS attacks are cybercrimes through which an attacker aims to overwhelm target devices, services or networks by flooding a server with fake internet traffic – rendering them inaccessible for legitimate users. As in this case, DDoS attacks are usually carried out by ‘Botnets’: systems of compromised computers/devices employed by attackers to flood a target server with more connection requests than it can handle. The ‘Mirai’ Botnet in question took advantage of a security flaw in hundreds of thousands of webcams (predominantly in China) and was utilised by hacker-for-hire and co-defendant, Daniel Kaye (who was sentenced to 32 months in a British prison for the attack), to target Lonestar.

The DDoS attacks were aimed at consuming the entire bandwidth of Lonestar’s data network in Liberia, causing latency for Lonestar data customers and ultimately leading to a loss of subscribers. However, Lonestar were unsuccessful in evidencing a claimed $47m loss and were only awarded damages of c.$4.5m – in part due to a failure to retain technical data recording the effect of many of the alleged DDoS attacks.

The result highlights the importance of maintaining robust cybersecurity systems and, crucially, ensuring that technical data recorded by these systems is preserved appropriately, including the effect of any breach. While the court was critical of the Cellcom CEO’s actions (and vicariously, of Cellcom and Orange Liberia) and recognised that they damaged Lonestar, it found that most of Lonestar’s claimed loss was resultant from their dwindling market position as compared to Orange Liberia. However, had Lonestar been able to evidence more precisely the effect of the DDoS attacks, they may have been able to recover significantly more in damages.

Maintaining thorough and accurate data audit trails is clearly of paramount importance as part of an effective cybersecurity system. This becomes even more crucial in periods surrounding cyber incidents, in order to record how such incidents effect the company and operations as a whole.

As a firm, we have experience in advising on methods to ensure cyber-resilience and offer an experienced team of legal experts to respond quickly in the face of data or cyber-attacks to give you a strategic, controlled response. Visit Data Security Disputes and Cyber to learn more.