Vulnerable customer modems being attacked by cyber criminals is a more credible explanation for Spark's internet outage than problems caused by New Zealanders wanting to look at nude photos of actress Jennifer Lawrence, says a security expert.
Spark's customers experienced broadband woes over much of the weekend.
Initial reports suggested the problem was linked to people who wanted to look leaked photos of Lawrence inadvertently installing malware that was used for a distributed denial of service attack.
Read also:
• Juha Saarinen: XT time all over again?
• Spark users experience internet meltdown
This attack involved overseas cyber criminals targeting web addresses in Eastern Europe and bouncing traffic off Spark customers, the New Zealand company said.
This led to "high traffic loads" hitting Spark's servers which according to the company meant its own customers had slow or no connection.
While customers trying to access the leaked photos of the Hollywood star was initially blamed , yesterday Spark posited a different theory.
"While we're not ruling out malware as a factor, we have also identified that cyber criminals have been accessing vulnerable customers modems on our network...most of these modems were not supplied by Spark and tend to be older or lower end modems," the company said.
Computer forensic investigator and security expert Daniel Ayers said this explanation makes more sense.
"I didn't believe the malware issue at the start because if international cyber criminals issue malware... that would have been seen around the world and involved other ISPs [internet provides] in New Zealand not just Spark," he said.
Ayers also though Spark was also "a bit slow off the mark" working out what the problem was.
"Maybe's what happened is they went down the wrong track to start with and that's why they were thinking 'oh it's malware, our customers are affected with malware, it's got to do with all these photos'. If that was there opening assumption that's probably sent them off in the wrong direction for a while," he said.
While Spark was likely targeted because it is the biggest internet company in the country, Ayers suspected that other ISPs' network wouldn't have allowed this sort of attack to happen.