No, you don’t have to be ISIS to pull off a DDoS attack

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

JanetFor a couple of days Janet, the academic computer network used by universities and colleges up and down the UK, has been hit by a significant distributed denial-of-service attack.

The tech press has written about the attack responsibly, but sadly the same cannot be said for at least one corner of the mainstream press here in Great Britain.

Story in Express newspaper

If you were to believe the story in the Express, you would think that the perpetrators of the “hack” (note to Express journalists – a DDoS attack isn’t a hack) was undertaken by no less a bunch of baddies than ISIS.

Sign up to our free newsletter.
Security news, advice, and tips.

And why does the Express journalist point a finger at Islamic State for the attack? Well, an anonymous student thinks it might be them:

University College London (UCL) faced internet disruption yesterday, which left some without vital access to WiFi for hours.

A UCL student, who asked not to be named, said: “The timing is dreadful – it makes you think that it was the work of a terrorist organisation.

“IS have the technology to pull off such a heinous act of cyber-crime, so maybe it was them.”

Hmm. I wonder if this unnamed source is studying creative writing rather than computing?

The fact is that anyone with an internet connection can easily start a DDoS attack. You don’t need sophisticated “technology to pull off such a heinous act of cyber-crime”. If you don’t have the wherewithal to conduct the attack yourself, all you need is a Bitcoin account, and the ability to find some lowlife who will happily point his botnet at whichever server you wish to bombard with traffic.

This is precisely what British teenagers are suspected of doing with the LizardStresser tool, for instance.

I feel bad for the students and staff who are disrupted by the denial-of-service attack against the Janet network, and I hope that Janet’s IT staff are successful in mitigating the impact of the attack.

But to call it a “hack” or to point a finger at ISIS is just silly.

You can read more about the DDoS attack on the Janet network here.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “No, you don’t have to be ISIS to pull off a DDoS attack”

  1. coyote

    'University College London (UCL) faced internet disruption yesterday, which left some without vital access to WiFi for hours.'

    Maybe I'm missing something but Internet access isn't usually vital. People survived for centuries without it.

    'A UCL student, who asked not to be named, said: "The timing is dreadful – it makes you think that it was the work of a terrorist organisation.'

    Yes, I'm sure no Internet access is a terrifying prospect. The horror… what would it be like without the Cold War? What about those who went to school before The Cold War?

    "IS have the technology to pull off such a heinous act of cyber-crime, so maybe it was them."

    Heinous indeed. Idiots like to speculate, scaremongers like to scare, many people prefer sensationalism so perhaps [you] are an idiot, a scaremonger and prefer sensationalism over reality.

    Terrifying it as it might be, my suggestions are at least some what valid whereas [your] suggestions are rubbish.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.