There is, I suspect, rather a misconception about the IQ level of your average cyber criminal. From your harmless hacker to the sophisticated cyber crime networks of Asia and Eastern Europe, everyone involved is normally portrayed as sophisticated, misguided and highly intelligent. The reality, I'm afraid, is far from that, and a huge proportion of those who commit cyber crimes are pretty damn stupid.
Meet Mr Ian Sullivan, from Bootle, who has just been jailed for 8 months for conducting a series of DDoS attacks on high-profile websites.
The 51-year-old unemployed father of six conducted these attacks against 300 websites, taking many of them offline. A DDoS attack involves saturating the target servers with thousands of requests which are difficult for the server to process. It simply aims to overload the target server with these connections until it falls over.
DoS – Denial of Service Attack (Single attack)
DDoS – Distributed Denial of Service Attack (attack involving multiple machines, usually using malware installed on ordinary computers)
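To see the DoS/DDoS distinction from the defender's side, here is an added example (not part of the original post) that buckets web server requests by time and labels each overloaded bucket by whether one address or many are behind it. The log format, thresholds and addresses are constructed assumptions.

```python
from collections import Counter

WINDOW_SECONDS = 10        # assumed bucket size
FLOOD_THRESHOLD = 200      # assumed requests per bucket the server cannot absorb
SINGLE_SOURCE_SHARE = 0.8  # assumed traffic share from one address that marks a DoS


def parse_line(line):
    """Parse '<epoch> <source_ip> <path>' (constructed format) into (int, str)."""
    ts, ip, _path = line.split()
    return int(ts), ip


def classify(lines):
    """Return {bucket_start: (verdict, request_count, distinct_sources)}."""
    buckets = {}
    for line in lines:
        ts, ip = parse_line(line)
        start = ts - ts % WINDOW_SECONDS
        buckets.setdefault(start, Counter())[ip] += 1
    result = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total < FLOOD_THRESHOLD:
            verdict = "normal"
        elif per_ip.most_common(1)[0][1] / total >= SINGLE_SOURCE_SHARE:
            verdict = "DoS"    # one address dominates: block or rate-limit it
        else:
            verdict = "DDoS"   # load is spread out: per-address blocking will not help
        result[start] = (verdict, total, len(per_ip))
    return result


def sample_log():
    """Constructed log lines using documentation-only address ranges."""
    lines = []
    # 30 requests from 10 clients: ordinary traffic
    lines += [f"{1000 + i % 10} 198.51.100.{i % 10 + 1} /" for i in range(30)]
    # 300 requests from a single address
    lines += [f"{1010 + i % 10} 203.0.113.7 /" for i in range(300)]
    # 300 requests spread over 150 addresses
    lines += [f"{1020 + i % 10} 192.0.2.{i % 150 + 1} /" for i in range(300)]
    return lines


if __name__ == "__main__":
    for start, (verdict, total, sources) in classify(sample_log()).items():
        print(start, verdict, total, sources)
```

The verdict matters for the response: a single noisy address can be dropped at the firewall, while a distributed flood usually needs upstream filtering or a scrubbing service.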
There are a variety of these attacks. Most involve volume, but they often involve specialist techniques crafted against certain types of web servers. Have a google of these attacks if you want to know more:
- Buffer Overflow
- Smurf Attack
- Ping of Death
- SYN Attack
- Teardrop Attack
However, the thing to remember about the vast majority of DDoS attacks is that you can conduct them through a simple software interface, i.e. you need very little technical knowledge. Of course, there are very skilled attackers out there who can bring down servers with individually crafted attacks against specific targets; however, these are certainly the exception, not the rule. Mainly there's little to be gained from Denial of Service attacks, although many attackers try to extort payment in return for stopping them.
Although Mr Sullivan claimed some sort of affiliation with the activist group Anonymous, there are suspicions that his technical knowledge was perhaps limited. One of the biggest clues that this wasn't the work of a digital Moriarty is the fact that he would use his Twitter account to post warnings to the websites he attacked. It's kind of like posting a self-addressed letter to the victim; it does help in tracking down criminals when they leave huge clues like this.
I think the point to take away from this is that computer crime is actually very easy to do. Many popular attacks have been automated, so you only have to fill in a few fields on a web front end, pay a few bucks for a service from the Darkweb, or install a DoS program on your own and a few other computers. The important part is that you need the intelligence and the knowledge to hide your tracks, which is much, much harder.
When they looked up Mr Sullivan's Twitter account and paid him a visit, they found lots of DDoS/DoS-related software installed on his machine, using simple computer forensics techniques. Probably his only smart move was to plead guilty, which presumably led to the relatively low sentence of 8 months in prison. He would not have got away so lightly if he'd performed this attack in the US or against a US-based server, though.
What a cyber muppet!!