How a 16 year old brought Microsoft and Sony with DDoS attack

In your long list of business priorities, protecting yourself from a DDoS attack may not feature highly. However, DDoS attacks are on the rise, particularly amongst small to medium sized enterprises that leave themselves vulnerable.

Hitting the headlines recently, is British teenager Adam Mudd, who was just 15 when he created software that lead to more than 1.7 million cyber attacks across the globe. All from the comfort of his own bedroom.

Global chaos

Not only did he successfully take down the websites of Cambridge University, Microsoft and Sony with DDoS attacks, he also sold his so-called Titanium Stresser software to criminals for a reported £386k. Mudd, now 20, was sentenced to two years in jail in April 2017.

It’s estimated the programme was used to hack the websites of businesses based in almost every major city, and Mudd carried out 594 attacks himself between December 2013 and March 2015. An estimated 112,000 users who purchased the software went on to hack over 666,000 IP addresses - almost 53,000 of which were in the UK.

And his motivation? At his court hearing Mudd claimed he was more interested in the ‘status’ than financial gain. However, there’s no denying DDoS attacks are big business for cyber criminals.

The court heard the DDoS attacks had caused "incalculable" damage to work and productivity. One heavily hit company was fantasy game RuneScape, which was reported to have suffered a revenue loss of £184,000 and had to spend £6 million trying to defend itself.

DDoS threat to business

DDoS, or Distributed Denial of Service attacks, cause untold damage by flooding networks with more traffic than it is able to deal with. An attack can take your system offline for minutes, hours, days or longer - causing significant damage to your business operations and your reputation. Since a DDoS attack comes from hundreds, sometimes thousands, sources, it’s impossible to stop the attack by simply blocking an IP address. All businesses - large or small - need to recognise the real risk of DDoS attacks and ensure they have proper protection in place.

Archive