Things are going well for them: thousands of followers, euros, and advantageous taxation. Based in Andorra, Spanish youtubers such as El Rubius, AuronPlay and The Gregf broadcast their video game-based content. However, the tranquility of these celebrities was cut short while they were live-streaming their participation in a Minecraft tournament with $100,000 at stake. A cyberattack that multiplied the usual traffic of the Andorran telecommunications network almost thirtyfold knocked out the youtubers' routers and caused four days of intermittent connection problems for the fiber and mobile customers of Andorra Telecom, the only state operator.
“Knock down the internet of an entire country.” This is how El Rubius summed up the intention of the hackers. “We do not consider that a series of youtubers could generate so much interest in deploying attacks of this volume”, points out the Secretary of State for Digital Transformation of the Andorran government, César Marquina, concerned about the effect of “degradation of the internet service among users”. It is not the first time that the Andorran executive has had evidence of attacks on youtubers — “there have been episodes for four years” — but never of the magnitude of those that took place between last Friday the 21st and Monday the 24th. The Andorra Telecom spokesman, Carles Casadevall, explains that although the usual national traffic is about 35GB per second, the attack caused the network to reach peaks of 1TB (1,000 GB).
Hackers before: I kick you out of the Call of Duty game
Hackers now: I’m going to take down the internet of an entire country
— elrubius (@Rubiu5) January 21, 2022
Following a complaint from the operator, the Andorran Police’s technological crimes unit is investigating the origin of the attack. Casadevall details that the attack, a distributed denial of service (DDoS), came from 50 different countries, including Russia, South Korea, China and Brazil. Marquina affirms that the criminals’ operations have required “notorious economic capacity”, not accessible to “a family economy”. The Secretary of State, who is working with the operator to strengthen the network and ensure the continuity of “critical infrastructure” in the country, fears that the episode could be repeated. And he does not see an obvious solution, since “if we extend the defenses to 1TB, nobody tells us that tomorrow we will not receive an attack of 1.2 or 1.4”.
UPC professor Manel Medina, an expert in cybersecurity, explains that “in large countries like Spain there are very powerful operators that can absorb this type of attack, but in small countries like Andorra or Estonia, an attack like this has a lot of repercussions, and it doesn’t just collapse those that have been attacked, but also other services that share the network”. DDoS attacks can be ordered on the black market of the deep web. They use networks of malware-infected devices—computers, mobile phones, or video players in private homes—to make requests (such as downloading an image or processing a long text string) to specific IP addresses until they are saturated. “These types of attacks are difficult to avoid, they are becoming more sophisticated and reach more bandwidth. The question is to see who has more strength: the attacker or those who want to stop it”, says Medina, who sees the distributed nature of DDoS as an obstacle to identifying the authors.
The youtubers who were attacked have responded forcefully. “Fortunately or gracefully, you are messing with people who have the financial resources to see this through to the end. […]. It is a threat to the law, and when the judge sentences you, then you will cry,” warned the Catalan AuronPlay in one of his videos, where he puts at 5,000 euros what he has stopped earning due to the connection problems. “Hopefully they get to the bottom of the matter: discover the people behind these hackers and lock them in a room and play the cookie game with them,” adds the Murcian The Gregf. El Rubius and AuronPlay have even raised a reward of 10,000 euros for anyone who gives information about the attackers.
Some of the affected youtubers have said they will file a collective complaint. Andorra Telecom, which has already reported the events to the police, explains that it has only been in contact with them on technical matters. The connections used by these VIP clients are equivalent to those of companies, with a bandwidth of 1GB, “the maximum that can be contracted”. The operator and the government of Andorra describe the impact of the cyberattack on the population as slight. Several recent investments in cybersecurity were also highlighted. “If this had happened a few years ago, the entire country would have been left without internet,” the operator said in a statement.
The origin of the attack
AuronPlay announced in a video that the police report will include the name of the “Fortnite clan to which he belongs”, referring to the cyber attacker. “We have a lot of data, where it originated from. It comes from a forum”, he adds in one of his videos. Diari d’Andorra mentions the Node 313 forum as one of the hypotheses weighed by the youtubers. This portal has a post dated January 19 with the title: “We are throwing Andorra Telecom #DDoSPATRIOTA”, from which its administrators disassociate themselves. “Despite the fact that we live in the age of conspiracy theories, I find it hard to believe that the cyberattack on Andorra Telecom is a response to the decision of the youtubers of not wanting to pay taxes in Spain”, says the professor of Financial and Tax Law at the UOC, Benja Anglès. “The main objective of a cyberattack is to obtain some profit. I think it will be someone who wants a share of the profits from the youtubers taking advantage of the weakness of the Andorran operator”, he reflects.
“It is not known if the attack comes from haters or competitors, but it has moved very large amounts of money”, Casadevall adds, explaining that the criminals hit a huge number of IP addresses in the country. The youtuber from Murcia OllieGamerz won the Minecraft competition, which was based on the Netflix series Squid Game and from which El Rubius, AuronPlay, The Gregf, Vegeta777, Willyrex and Biyín were disqualified due to connection problems while broadcasting through Twitch, owned by Amazon. About the winner, The Gregf published a post on Twitter in which he joked: “Tax Agency started following OllieGamerz”, he wrote, simulating the interface of a social network in an image. Beyond the technical collateral effects of the cyberattack, the debate about where these professionals are taxed is still alive.
“Self interest and benefit”
UOC professor Benja Anglès states that “it is nothing new that wealthy people or people with high incomes transfer their tax residence to countries with low or no taxation”. What surprises him is that traditionally this has become known “because of the problems they have had with the Treasury”, whereas the youtubers have explained “openly that their decision to go live in Andorra is exclusively to pay less taxes”. Anglès warns that the defense of an attitude focused on “own interest and benefit” and the influence that these celebrities have among young people can “foster ideas that taxes are unfair and tax evaders are respectable.”