You don't need to be an IT expert to mastermind cyber-attacks

  

Anyone with a sinister mind and some dollars to spare could mastermind a cyber-attack such as the one the Australian Bureau of Statistics is claiming hit the Census website last night, according to a Deakin University cyber security expert.

Associate Professor Phillip Dawson said that while is it unclear if the issues with the Census website were the result of a denial of service attack, anyone with a little bit of knowledge of how to access providers of botnets (a network of computers infected with malicious software) could arrange such an attack.

"Without access to the server logs of the site, we can't say for certain that an attack occurred, or what sort of attack happened," Associate Professor Dawson said.

"There is no evidence on the sites that track denial of service attacks in Australia of any massive flood of activity into the country that would point to an attack from overseas.

"One possible explanation could be that the site was already at capacity, and was hit by relatively modest attacks which pushed it over the edge – the "digital straw that broke the camel's back". Once a site is overloaded, it can be hard to bring it back up.

"That said, a good denial of service attack looks a lot like millions of Australians pressing refresh on a website at the same time, as would have been occurring last night."

Associate Professor Dawson explained that in this era of the Internet of things, there are far more opportunities for people with a little bit of knowledge to rent a botnet that would allow them to take advantage of weaknesses in hardware and software to download malware to attack websites.

"For example, someone with a bit of IT nouse could locate and take advantage of weakness in a computer, phone or Internet-enabled fridge and load malware on those devices. Through the dark web they can then advertise their cyber-attack capability (such as how many devices they have accessed and bandwidth) and name their price. Botnets can be rented for as little as $50 up to several thousands of dollars," he said.

Explore further: WikiLeaks: Our site's been hit by weeklong attack