Did One Teenager's Computer Experiment Accidentally Break New Zealand's Internet?

A Reddit confession about New Zealand's 2021 internet outage has raised eyebrows across the tech community. User "Brootul" recently claimed they accidentally triggered the nationwide disruption that hit Vocus NZ – the country's third-largest internet provider – back on September 3, 2021.

According to the Reddit post in r/confessions, Brootul was an 18-year-old using Kali Linux (a popular operating system used by hackers) who launched what they described as a simple DoS attack targeting a neighbour's Wi-Fi. Vocus apparently misidentified this small-scale attack as a more severe DDoS threat and implemented countermeasures that backfired.

"I was just playing around with some basic network tools," Brootul wrote. "Next thing I know, half the country can't get online."

The official explanation from Vocus NZ's chief executive Mark Callander had acknowledged that their response to a perceived attack was what caused the problems. "Based on our initial investigation, it was this change that triggered the disruption," Callander told media at the time.

A discrepancy exists between Brootul's claimed method (DoS) and what was reported by media and Vocus (DDoS) at the time. A DoS attack originates from a single source, while a DDoS attack is distributed across multiple sources—typically involving botnets comprising thousands of compromised devices. This distinction is significant, as Brootul claims to have used a single-source attack that was misinterpreted as a distributed one.

In a follow-up comment, Brootul offered more technical details: "The type of attack used targets the 802.11 WiFi management frames. It doesn't physically breach the router, meaning there are no logs that reveal an attacker's identity." This description suggests they were targeting the Wi-Fi network directly rather than sending malicious traffic through the internet connection. Such attacks typically have limited range and would not normally be visible to an Internet Service Provider (ISP).

For this to have triggered Vocus's DDoS protection systems, the attack would likely need to have generated significant unusual network traffic patterns visible at the ISP level. Whether a single-source attack from a residential connection could generate sufficient anomalous traffic to trigger enterprise-grade DDoS protection remains questionable.

"I fail to see how 'DoS'ing someone's WiFi would lead to an ISP thinking they're being DDoS'd given WiFi is literally routed on the LAN side of the router," one commenter pointed out.

Another was more blunt: "Bro if you really think you caused this with your one script running against your neighbor, I seriously would ask my money back from your school... You still have no idea how things work."

Not everyone dismissed the claim outright, though. Some commenters suggested that if true, Brootul might have unintentionally done Vocus a favor by exposing weaknesses in their systems before a more malicious actor could.

Several Reddit users warned about potential legal consequences. "Says NZ statute of limitations for a cyberattack is 6 years... so idk. Be careful and maybe repost in a few years?" one cautioned.

Another offered a more reassuring perspective: "If it makes you feel any better, it is not your fault. Our internet network should be more resilient than 1 internet user getting hit with a ddos taking out our entire country."