UK cyber attacker faces jail for targeting public services sites

A Merseyside man faces a jail term after admitting to a DDoS campaign against public services sites

A Merseyside man faces a jail term after admitting to a distributed denial of service (DDoS) campaign against children’s social services, social housing and crime prevention websites.

Ian Sullivan, 51, of Bootle, Merseyside, carried out a series of DDoS attacks in 2013, targeting a range of business and public sector websites.

These included multinational banks, sites providing support for children going through adoption and divorce proceedings, crime reporting sites and social housing organisations.

None of the websites were hacked and no sensitive data was accessed, but by flooding the web servers with data, more than 300 websites were made inaccessible to users.

Sullivan was arrested in July 2013 in a joint operation by the National Crime Agency’s (NCA) National Cyber Crime Unit (NCCU) and Titan, the North West Regional Organised Crime Unit. Investigators linked the DDoS activity to a Twitter handle which had referenced the attacks.

Analysis of Sullivan’s computer found software designed to take websites offline and documentation linking him to other campaigns and activity carried out by the hacking collective Anonymous.

Sullivan is due to be sentenced at Liverpool Crown Court on 1 May 2015.

“Among other impacts, Sullivan’s actions are likely to have deprived vulnerable people of access to important information, ranging from where to get support on family breakup, to reporting crime anonymously,” said Steven Pye, senior operations manager at the NCCU.

“This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses,” he said.



Although DDoS attacks do not result in a loss of data, they can be extremely costly to businesses that rely on web-based transactions or interactions through a website, said Seth Berman, executive managing director at global digital risk and investigations firm Stroz Friedberg.

Financial services firms, companies that have a high volume of web-based transactions and businesses that rely on other organisations such as banks to complete transactions are particularly vulnerable to DDoS attacks.

Such attacks can be used to harm the business of competitors, hold organisations to ransom, or to make a political or ideological point.

Phil Huggins, vice-president, security science, at Stroz Friedberg, said, in his experience, customer organisations typically have two suppliers for key services.

“If one goes down due to a DDoS attack, customers will simply switch to the other supplier – but the business impact is that they seldom come back,” he said.

Although DDoS attacks are closer to being a “nuisance” than a “crisis”, Berman said web-based organisations should ensure that they have adequate DDoS mitigations in place.

Huggins said that when outsourcing DDoS mitigation, organisations should ensure their suppliers are able to provide adequate protection and that mitigation covers entire systems.

“If one route for attack is not covered, web-based platforms can still be downed by DDoS attacks through other parties connected to the platform,” he said.

Cyber attackers should not be under-estimated, said Huggins, citing the case of a sector-wide campaign in which hacktivists increased the sophistication of the DDoS attacks as mitigations were put in place.

“The campaign started with simply flooding servers, but then became gradually more complicated, eventually targeting components of specific applications,” he said.

According to a recent study by security firm Kaspersky Lab, DDoS attacks on a company could potentially cause losses of around $400,000.

Dave Larson, chief technology officer at network security firm Corero, said DDoS attacks threaten service availability, disrupt IT networking and security procedures and affect the business beyond just the outage itself.  

“In addition to the cost associated with the downtime caused, there is another component to the cost of an attack that is not always considered – DDoS as a distraction as a part of a complex hybrid breach attempt,” he said.

Larson said that as the DDoS threat landscape continues to evolve, researchers are seeing an escalation in multi-vector attacks to overcome traditional DDoS defences and distract security personnel for the purpose of data exfiltration.

“When DDoS attack traffic is filling up logging tools, over-running firewalls and saturating your internet link, it becomes increasingly difficult to break through the noise and identify more nefarious activity. The cost of a DDoS attack increases exponentially in this scenario,” he said.
