A Merseyside student turned to cyber crime just to avoid doing his homework.
The unnamed schoolboy bought a £5 DoS kit off the internet to crash his school’s website so he wouldn’t be able to submit his homework via an online portal.
DoS stands for denial-of-service and is a common type of cyber attack which involves disabling a website by flooding it with too much traffic.
However the youngster got more than he bargained for when he took down several unconnected websites that were hosted by the same provider as his school’s.
Helen Williams, cyber protect officer for the North West Regional Organised Crime Unit, shared details of the case at the Bolton Cyber Security Conference, hosted by Eventura.
No identifying details were given about the boy, school or date of the incident or what action was taken.
Williams said: “We’re aware of a young boy who didn’t want to do his homework. He thought a really good way to get out of doing his homework would be to carry out a cyber attack on the school website.
“He bought for about £5 a denial-of-service tool, which basically sent too much traffic to the school website. It knocked the website over so he didn’t have to do his homework as he would have submitted his essays or whatever via this portal on the school website.
“But it wasn’t just the school (website) he took down. He took down a number of other clients, including an online payment system for a lot of solicitors across the North West. It affected quite a lot of other businesses and that’s because the company that were hosting the school website weren’t particularly good in their cyber hygiene. They hadn’t separated out all their clients.”
She said the youngster had been able to find out the school’s IP address during an IT class, which identifies a device on the Internet or a local network.
The average age of cyber criminals is 17 and Williams said the case highlighted the importance of getting young people to channel their computer skills in a positive way.
“I work with two police officers who are called prevent officers and their role is about preventing young people from becoming the cyber criminals of the future,” she said. “They do a lot of work with young individuals like this particular child, and they’ll try and steer him away from becoming a cyber criminal, maybe to get a career in IT or cyber security because they’ve got some really, really good skills there. It’s just a matter of using them in the right way.”
Holly Grace Williams, technical director of cyber security expert Secarma didn’t have any knowledge of this particular case but said these types of attacks were less unusual than the public imagined.
“Denial-of-service (DoS) and distributed-denial-of-service (DDoS) attacks work by sending more traffic to a website than the bandwidth can manage,” she explained. “That prevents normal users being able to get through.
“The tools to perform these actions are readily available but attacks like this have significant consequences. There are protections available, like DDoSX by UKFast, which ‘cleans’ the traffic to prevent the website crashing.”
She said trying to crash a school website would be covered by the Computer Misuse Act although it’s not known what action, if any, was taken in this particular case.