No, you don’t have to be ISIS to pull off a DDoS attack

Graham Cluley

No, you don't have to be ISIS to pull off a DDoS attack

JanetFor a couple of days Janet, the academic computer network used by universities and colleges up and down the UK, has been hit by a significant distributed denial-of-service attack.

The tech press has written about the attack responsibly, but sadly the same cannot be said for at least one corner of the mainstream press here in Great Britain.

Story in Express newspaper

If you were to believe the story in the Express, you would think that the perpetrators of the “hack” (note to Express journalists – a DDoS attack isn’t a hack) was undertaken by no less a bunch of baddies than ISIS.

And why does the Express journalist point a finger at Islamic State for the attack? Well, an anonymous student thinks it might be them:

University College London (UCL) faced internet disruption yesterday, which left some without vital access to WiFi for hours.

A UCL student, who asked not to be named, said: “The timing is dreadful – it makes you think that it was the work of a terrorist organisation.

“IS have the technology to pull off such a heinous act of cyber-crime, so maybe it was them.”

Hmm. I wonder if this unnamed source is studying creative writing rather than computing?

The fact is that anyone with an internet connection can easily start a DDoS attack. You don’t need sophisticated “technology to pull off such a heinous act of cyber-crime”. If you don’t have the wherewithal to conduct the attack yourself, all you need is a Bitcoin account, and the ability to find some lowlife who will happily point his botnet at whichever server you wish to bombard with traffic.

This is precisely what British teenagers are suspected of doing with the LizardStresser tool, for instance.

I feel bad for the students and staff who are disrupted by the denial-of-service attack against the Janet network, and I hope that Janet’s IT staff are successful in mitigating the impact of the attack.

But to call it a “hack” or to point a finger at ISIS is just silly.

You can read more about the DDoS attack on the Janet network here.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “No, you don’t have to be ISIS to pull off a DDoS attack”

  1. 'University College London (UCL) faced internet disruption yesterday, which left some without vital access to WiFi for hours.'

    Maybe I'm missing something but Internet access isn't usually vital. People survived for centuries without it.

    'A UCL student, who asked not to be named, said: "The timing is dreadful – it makes you think that it was the work of a terrorist organisation.'

    Yes, I'm sure no Internet access is a terrifying prospect. The horror… what would it be like without the Cold War? What about those who went to school before The Cold War?

    "IS have the technology to pull off such a heinous act of cyber-crime, so maybe it was them."

    Heinous indeed. Idiots like to speculate, scaremongers like to scare, many people prefer sensationalism so perhaps [you] are an idiot, a scaremonger and prefer sensationalism over reality.

    Terrifying it as it might be, my suggestions are at least some what valid whereas [your] suggestions are rubbish.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.