Stopping cybercrime with a warning
The world of online gaming is huge among teenagers, and it is becoming a hotbed for cybercrime. One particular type of hack is a distributed denial of service (DDoS) attack, where a victim’s internet connection is flooded with so much traffic that it shuts down. Gamers are increasingly using these attacks to gain an advantage by knocking their opponents offline. But this activity is illegal, and it can be very disruptive for other innocent internet users, who can be taken down in the crossfire. So Ben Collier, from the University of Cambridge, has been looking at which sorts of intervention actually work. Putting people in prison and stiff penalties don’t seem to make much difference. Taking down the computer networks used to carry out the attacks works quite well, but best of all is just sending simple warning messages to the people commissioning the attacks. Adam Murphy heard why...
Ben - We've been looking at a particular type of cyber crime called a DDoS. It's like when you go to visit a music festival website when the ticketing is open and everyone crashes the server because there's too many people going on. It's basically like that, but it's been weaponized as a form of cyber attack. So what we've done is we've used a bunch of detection techniques looking at what the police are doing and seeing whether or not it works.
Adam - So how would you go about actually doing that to someone else's computer?
Ben - There's two ways you can do it. So the first one is called a reflection and amplification attack. That's where you look for computers on the internet that are poorly configured and you send them a signal, but when you send them the signal you pretend to be the victim. So you send this signal to them. It's quite a small signal, doesn't take up much resources for you, and they send a very, very big signal back, but instead of sending it back to you they send it back to the victim. The second way is using botnets to essentially infect other people's computers using computer viruses and get control of them, and then use these to send lots and lots of these signals and packets of information and overwhelm people's computers.
Adam - Why would you want to do that? So what are people looking to use these for?
Ben - There's a range of different reasons why you might want to knock someone offline. So first and one of the most common ones we see is computer games. So if I'm playing an online computer game, like Call of Duty or something, and I am not very good at it and my opponent is beating me a lot.
Adam - I can relate to that.
Ben - Yeah, me too. Then I might want to annoy them or get back at them by booting them off the Internet, and then I would use this service to find out their IP address and then knock off their home connection basically. But the problem is then you might knock off everyone else who is on, you know, in their village, or wherever, that's on the same sort of service basically. There's some more sort of nasty stuff as well, although those are obviously serious too. So you might want to blackmail a business or another website, you know, by saying we'll take you offline unless you pay this much money, and then we get into the really serious stuff, so you can use this against infrastructure. For example, you could use it to take a hospital's public systems offline, any kind of public service or things like that, which has a public-facing IP address. You can use this to take it offline basically.
Adam - Why do the interventions that work, so taking down the infrastructure and messaging people, why do those interventions work so well?
Ben - So for the infrastructure we think that's because it's a very centralized market. So actually there's around about 50 of these services, you know, 50 or 60, doing any real number of attacks at any given time. But actually there's a lot of reselling going on. So there's a small number of people, maybe 10 to a dozen, they're actually running most of the infrastructure, a small number of services, and they basically sell on to the other services their capacity. This means that if you take down the infrastructure, it causes a lot of knock-on effects for everyone else, and actually the people that run the infrastructure, so the server managers, their job's really, really boring.
So they're actually quite easy to dissuade, and when we saw this big FBI sting, actually we saw lots of these server managers who the networks depend on say, ‘Yeah, I'm done, I'm not interested in this anymore.’ The messaging intervention's a bit more complicated. I think possibly the reason behind it is a kind of like digital guardianship sort of thing. One of the things people often say about cybercrime is that it's often difficult to know online what's legal and what isn't, or when you've crossed that boundary, and I think for a lot of these people, there's a lot of, basically, young kids doing this stuff, who are doing this but they don't really realize it's illegal.
Actually in these communities a lot of people say ‘oh, it's not illegal, it's fine’, ‘you know, the police don't care about this stuff’. But I think if you're a 15-year-old kid and you're sort of searching for this stuff, these adverts hit you basically as soon as the thought was forming in your mind that you want to do it: ‘Bear in mind the thing you're about to do, that we can see you about to do because you're googling it, is illegal, just so you know.’ So it's kind of like a tap on the shoulder, basically saying we're watching you, and we think that the timing and the targeted nature of the adverts is actually causing this effect.