You know it’s become way too easy to launch a distributed denial of service (DDoS) attack when even a 12-year old child can do it. This is the reality shown by a recent report from the National Crime Agency (NCA) in the United Kingdom, which found that the average age of suspects that it has investigated for cybercrime offenses such as computer hacking and online fraud is just 17, and some incidents involved suspects who were under the age of 10.
The juveniles are not IT geniuses, either. Unfortunately it is just very simple and cheap for troublemakers to use a DDoS-for-Hire service like Lizard Squad’s Lizard Stresser tool, an online service that allows paying customers to launch DDoS attacks. In one recent NCA operation, seven teenagers all aged under 18 were arrested for using Lizard Stresser.
What motivates such young minds to turn to cybercrime? Reportedly, most are driven by ego, not money; they do it to gain a sense of personal accomplishment, and to impress their peers. It’s worth noting that the youth typically start out as innocent players of computer games, but they are exposed to the illegal, off-the-shelf hacking tools through online ads, which often give explicit “how to” video instructions. Given the increasing popularity of computer gaming, it is no wonder that more and more children are exposed to the dark side of the Web.
On a positive note, the UK government has hired specialist officers to connect with such young gamers, and is organizing coding competitions, to channel young people’s competitive nature and interest in computer technology into either “white hat” hacking or traditional coding. Hopefully that will steer them in the right direction for a lifetime of legal employment in the IT industry.
In the meantime, there is no shortage of hackers, young and old, who wreak havoc through DDoS attacks. Law enforcers have an uphill battle when it comes to tracking down most Internet thugs. Tracing the origins of DDoS attacks is difficult because the source is either a legitimate third-party server, running a service which has been leveraged by an attacker as part of a reflection/amplification attack, or is a direct flood attack from a single device, or a botnet of many devices in which the IP source addresses are easily spoofed to ones which cannot be associated with the attacker. Therefore it is important to implement automated DDoS protection, whether it is an on-premises system or a DDoS protection service through one’s Internet Service Provider or Hosting company.
Corero is the leader in real-time DDoS defense, if you need expert advice, contact us.