You know it’s become way too easy to launch a distributed denial of service (DDoS) attack when even a 12-year old child can do it. This is the reality shown by a recent report from the National Crime Agency (NCA) in the United Kingdom, which found that the average age of suspects that it has investigated for cybercrime offenses such as computer hacking and online fraud is just 17, and some incidents involved suspects who were under the age of 10.
How and Why Teens Launch DDoS Attacks
The juveniles are not IT geniuses, either. Unfortunately, it is just very simple and cheap for troublemakers to use a DDoS-for-Hire service like Lizard Squad’s Lizard Stresser tool, an online service that allows paying customers to launch DDoS attacks. One recent NCA operation, led to the arrest of seven teenagers, all aged under 18, for using Lizard Stresser.
What motivates such young minds to turn to cybercrime? Reportedly, most are driven by ego, not money; they do it to gain a sense of personal accomplishment, and to impress their peers. It’s worth noting that the youth typically start out as innocent players of computer games, who gain exposure to the illegal, off-the-shelf hacking tools through online ads, which often give explicit “how to” video instructions. Given the increasing popularity of computer gaming, it is no wonder that more and more children discover the dark side of the Web.
Constructive IT Programs for UK Youth
On a positive note, the UK government has hired specialist officers to connect with such young gamers and is organizing coding competitions, channeling young people’s competitive nature and interest in computer technology into either “white hat” hacking or traditional coding. Hopefully, that will steer them in the right direction for a lifetime of legal employment in the IT industry.
In the meantime, there is no shortage of hackers, young and old, who wreak havoc through DDoS attacks. Law enforcers have an uphill battle when it comes to tracking down most Internet thugs. Tracing the origins of DDoS attacks is difficult because the source can stem from:
- A legitimate third-party server, running a service which has been leveraged by an attacker as part of a reflection/amplification attack.
- A direct flood attack from a single device.
- A botnet of many devices in which the IP source addresses are easily spoofed to ones which cannot be associated with the attacker.
Corero is the leader in real-time DDoS defense, if you need expert advice, contact us.