No, you don't have to be ISIS to pull off a DDoS attack

JanetFor a couple of days Janet, the academic computer network used by universities and colleges up and down the UK, has been hit by a significant distributed denial-of-service attack.

The tech press has written about the attack responsibly, but sadly the same cannot be said for at least one corner of the mainstream press here in Great Britain.

Story in Express newspaper

If you were to believe the story in the Express, you would think that the perpetrators of the "hack" (note to Express journalists - a DDoS attack isn't a hack) was undertaken by no less a bunch of baddies than ISIS.

And why does the Express journalist point a finger at Islamic State for the attack? Well, an anonymous student thinks it might be them:

University College London (UCL) faced internet disruption yesterday, which left some without vital access to WiFi for hours.

A UCL student, who asked not to be named, said: "The timing is dreadful - it makes you think that it was the work of a terrorist organisation.

"IS have the technology to pull off such a heinous act of cyber-crime, so maybe it was them."

Hmm. I wonder if this unnamed source is studying creative writing rather than computing?

The fact is that anyone with an internet connection can easily start a DDoS attack. You don't need sophisticated "technology to pull off such a heinous act of cyber-crime". If you don't have the wherewithal to conduct the attack yourself, all you need is a Bitcoin account, and the ability to find some lowlife who will happily point his botnet at whichever server you wish to bombard with traffic.

This is precisely what British teenagers are suspected of doing with the LizardStresser tool, for instance.

I feel bad for the students and staff who are disrupted by the denial-of-service attack against the Janet network, and I hope that Janet's IT staff are successful in mitigating the impact of the attack.

But to call it a "hack" or to point a finger at ISIS is just silly.

You can read more about the DDoS attack on the Janet network here.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

One Response

  1. coyote

    December 9, 2015 at 8:35 pm #

    'University College London (UCL) faced internet disruption yesterday, which left some without vital access to WiFi for hours.'

    Maybe I'm missing something but Internet access isn't usually vital. People survived for centuries without it.

    'A UCL student, who asked not to be named, said: "The timing is dreadful – it makes you think that it was the work of a terrorist organisation.'

    Yes, I'm sure no Internet access is a terrifying prospect. The horror… what would it be like without the Cold War? What about those who went to school before The Cold War?

    "IS have the technology to pull off such a heinous act of cyber-crime, so maybe it was them."

    Heinous indeed. Idiots like to speculate, scaremongers like to scare, many people prefer sensationalism so perhaps [you] are an idiot, a scaremonger and prefer sensationalism over reality.

    Terrifying it as it might be, my suggestions are at least some what valid whereas [your] suggestions are rubbish.

Leave a Reply