Operation Power Off
We all know that the term hacking is used quite loosely these days and can be used in a multitude of scenarios, both IT and non-IT. The actions that most people see as hacking has become extremely easy for anyone with just basic IT knowhow and knowledge as to where to find online tools. The online tools that are out there are good for ethical hacking and testing your security, however like most things they are misused by criminals and people with not enough knowledge and thought as to what damages their actions can cause. On top of online tools, there are entire operating system distributions created around ethical hacking, however they are often used for non-ethical purposes. These tools have the capability to make organisations incur massive financial loss and down time. Today I will be discussing a recent article covered by the BBC: Cyber-attack website Webstresser taken down
A recent collaboration with the UK National Crime Agency, US Department of Defense and many other countries around the world including Italy, Australia and Hongkong has been successful in taking down a well-known stress testing website. The website tool allows users to pay amounts as low as £11 to carry out a Distributed Denial of Service attack against an organisation, this attack overloads a company’s servers and services so that they are unable to function and crash due to the high volumes of traffic. This then can cause the organisation to be down and offline for minutes, hours and even a few days depending on the length and size of the attack.
This same tool was used many months ago back in November to target seven of the UKs biggest banks, most of the banks were forced to shut systems down due to not having significant protection against this attack in place. With the right protection these attacks carried out by online tools can be stopped, however most companies never see a need to do so. It is predicted that this tool has affected four million business around the world and that the number will continue to increase if the website was not taken down soon. Local authorities have taken it down in order to investigate the site further.
The take down has led to multiple arrests across multiple countries, with authorities hoping that this will show cyber criminals that they can be caught and that they are not hidden from law enforcement.
As a Junior Cyber Security Analyst I find it rather alarming and concerning that these kind of tools can be used by anyone that has a little bit of money available to them, these sort of tools should be priced so only enterprises who require these tools for testing can access them or a stricter process in which the reason for needing the tools is stated before the access is given. Also, it is good that this site seizure has taken place as it tells cyber criminals that they can be caught and found out and it is not ok to do what they do. However, even though one site has been caught it is nothing in the large number of websites and other services out there. Without a larger amount taking down there will be no noticeable difference in the amount of attacks. The Operation Power OFF concept is a great idea and I encourage it, however without taking down a significant volume of sites it will not have a real impact on the criminals as they already have developed more sophisticated tools and ways to access them than on an online web store. As the Cyber Security industry expands to prevent these attacks, the complexity and amount of attacks also increases so it is important we expand the Cyber Security work force to cater for this demand, as an apprentice I hope that others take on Cyber Security as it will be a massive part of everyone’s future and their online safety.