Whenever a major security incident takes place in the tech world, you can be certain that John McAfee will weigh in with his opinion. The anti-virus pioneer has just revealed who he believes was behind Friday’s DDoS attacks on popular DNS provider Dyn.

A senior US intelligence official told CNBC that the attacks did not appear to be state-sponsored, but a classic case of internet vandalism. McAfee’s sources disagree. He told CSO online that the Dark Web is “rife with speculation that North Korea is responsible for the Dyn hack.” Specifically, he claims Bureau 21, the country’s cyber-warfare agency that reportedly consists of over 2000 hackers, launched the assaults.

McAfee added that if Bureau 21 really was responsible, the forensic analysis would point to either China, Russia, or a US group being behind the DDoS attacks. The one-time presidential candidate told social media week that the North Korean group left a false trail pointing toward US DDoS protection company BackConnect Inc. “If all evidence points to this American company [BackConnect], then, with 100% certainty, it is not them,” he said.

Bloomberg reports that Dyn’s director of Internet analysis, Doug Madory, gave a presentation about BackConnect’s alleged questionable practices, such as BGP hijacking, the day before the attacks took place.

One computer security firm claims last week’s attacks involved Mirai, the malware used in the record-breaking 620 Gbps attack on researcher Brian Krebs website last month. Mirai’s source code was subsequently posted on hacking community Hackforums, which Krebs said “virtually guarantees” the internet will be “flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.” Looks as if he was right.

Krebs, incidentally, helped Madory with his research into BackConnect.

As large as the attacks were, McAfee believes those responsible have merely been probing the defenses before launching a much bigger assault.

I also believe that this attack was the harbinger of near future attacks that will be much more devastating. I believe the smaller prior attacks served to identify weaknesses in the Internet’s infrastructure. Clearly there are weaknesses. Anticipate that these will be exploited in a big way.

While McAfee has fabricated claims in the past for no other reason than publicity – he admitted his team of “superhackers” that could break into the San Bernardino iPhone was made up – North Korea will probably be one of the prime suspects in this case. And unless the perpetrators are found, more attacks do seem likely.