Incident: Hacker Causes Major Websites to Crash with DDoS Attacks

Published Date: 2015-11-12

Postmortem Analysis
Timeline
1. The software failure incident involving Ian Sullivan flooding servers with fake traffic and conducting DDoS attacks against various organizations occurred between June 7 and July 15, 2013 [53943].

System
The system that failed in the software failure incident described in Article 53943 is:
1. Distributed-denial-of-service (DDoS) protection systems [53943]

Responsible Organization
1. Ian Sullivan flooded the servers of councils, police forces, the Tory party, airlines, and other major organizations with fake traffic, causing the software failure incident [53943].

Impacted Organization
1. Councils, police forces, the Tory party, and airlines [53943]
2. Children's social care organizations, Crimestoppers, British Airways, Merseyside Police, Wirral Council, Carehome.co.uk, Cafcass [53943]
3. Adoption websites [53943]
4. Pornographic sites [53943]
5. Website hosting videos of graphic executions reportedly by Islamic State [53943]
6. Government sites of Bulgaria and Gabon [53943]

Software Causes
1. Distributed-denial-of-service (DDoS) attacks conducted by Ian Sullivan [53943]

Non-software Causes
1. Personal motivations and grievances: Ian Sullivan's personal issues, including the loss of his children to care, his divorce, and his own traumatic experiences, were significant non-software causes of the failure incident [53943].
2. Mental health issues: Sullivan's diagnosed mental health problems played a role in his actions and decision-making, contributing to the incident [53943].
3. Social isolation: Sullivan's social isolation, as mentioned in his defense, may have also been a contributing factor to his engagement in cyber attacks [53943].

Impacts
1. Significant financial harm suffered by councils, police forces, the Tory party, airlines, and other major organizations [53943].
2. Thousands of parents were unable to access vital information due to the attacks on adoption websites [53943].
3. Companies incurred thousands of pounds in staffing costs as a result of the attacks [53943].

Preventions
1. Implementing robust cybersecurity measures such as firewalls, intrusion detection systems, and regular security audits to prevent unauthorized access and attacks [53943].
2. Providing proper training and education on cybersecurity best practices to employees and individuals to prevent them from engaging in malicious activities [53943].
3. Monitoring and analyzing network traffic for unusual patterns that could indicate a potential DDoS attack, allowing for early detection and mitigation [53943].
4. Encouraging individuals facing personal challenges to seek appropriate support and counseling to prevent them from resorting to harmful actions as a form of protest or retaliation [53943].

Fixes
1. Implementing stronger cybersecurity measures to prevent unauthorized access and DDoS attacks [53943].
2. Providing mental health support and intervention for individuals like Ian Sullivan who may be engaging in harmful activities due to personal struggles [53943].

References
1. Cyber crime police units
2. Liverpool Crown Court
3. Teresa Loftus, prosecuting
4. Forensics
5. Judge Graham Morrow
6. Kevin Barry, defense attorney
7. Ian Sullivan's Twitter account (@anonian01)
8. Ian Sullivan's internet history
9. Ian Sullivan's parents
10. Various organizations targeted by the attacks (councils, police forces, political party, airlines, children's social care organizations, adoption websites, Crimestoppers, British Airways, Merseyside Police, Wirral Council, Carehome.co.uk, Cafcass, pornographic sites, website hosting graphic executions, government sites of Bulgaria and Gabon) [53943]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization, multiple_organization | (a) The software failure incident having happened again at one_organization: - Ian Sullivan flooded the servers of various organizations with fake traffic, causing significant financial harm [53943]. - Sullivan targeted adoption websites and other major organizations in a wave of attacks between June 7 and July 15, 2013 [53943]. - Some of Sullivan's attacks were linked to his personal issues, such as his children being taken into care and his own experiences in care [53943]. (b) The software failure incident having happened again at multiple_organization: - Sullivan targeted 17 major organizations, including Crimestoppers, British Airways, and Merseyside Police, in his attacks [53943]. - The impact of Sullivan's actions caused considerable inconvenience and financial loss to some companies [53943]. - Forensics discovered that Sullivan used software called 'RageBooter' to carry out his cyber attacks, indicating a pattern of attacks on multiple organizations [53943].
Phase (Design/Operation) | design, operation | (a) The software failure incident in the article is related to the design phase. Ian Sullivan flooded the servers of various organizations with fake traffic for weeks, causing significant financial harm. He deliberately sourced material from the internet to conduct his attacks, targeting adoption websites and children's social care organizations. The attacks were linked to his personal issues, including his children being taken into care and his past experiences. Sullivan used software like 'RageBooter' to carry out distributed-denial-of-service (DDoS) attacks, indicating a deliberate design of the attack strategy [53943]. (b) The software failure incident in the article is also related to the operation phase. The attacks carried out by Ian Sullivan were a result of his operation of the system, specifically using the 'RageBooter' software to conduct distributed-denial-of-service (DDoS) attacks. The impact of his actions caused considerable inconvenience and financial losses to the targeted organizations. Sullivan's actions were attributed to his personal motivations and experiences, indicating an operational misuse of the system [53943].
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident in this case was primarily due to factors originating from within the system. Ian Sullivan, the hacker, conducted distributed-denial-of-service (DDoS) attacks by flooding the servers of various organizations with fake traffic, causing significant financial harm and disruption. He used software called 'RageBooter' to carry out these cyber attacks [53943]. Additionally, the prosecutor mentioned that Sullivan was self-taught in conducting these attacks and had researched the mechanics of how to carry them out [53943]. (b) outside_system: There is no explicit mention in the articles of contributing factors originating from outside the system that led to the software failure incident.
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case was primarily due to non-human actions. Ian Sullivan, a jobless hacker, flooded the servers of various organizations with fake traffic through distributed-denial-of-service (DDoS) attacks. These attacks were conducted using software called 'RageBooter,' a professional tool for carrying out DDoS attacks [53943]. (b) Human actions also played a significant role in this software failure incident. Ian Sullivan, the hacker, admitted to carrying out the attacks intentionally. He sourced material from the internet to conduct his attacks, targeted specific organizations, and even accessed personal information of individuals related to his grievances. His actions caused significant financial harm and disruption to the targeted organizations [53943].
Dimension (Hardware/Software) | software | (a) The software failure incident in the provided article was not due to hardware issues but rather due to the actions of the individual, Ian Sullivan, who conducted distributed-denial-of-service (DDoS) attacks on various organizations by flooding their servers with fake traffic [53943]. (b) The software failure incident in the article was primarily caused by the actions of Ian Sullivan, who carried out DDoS attacks using software called 'RageBooter' to disrupt the services of multiple organizations. The failure originated in the software used by Sullivan to conduct the attacks, leading to significant disruptions and financial harm to the targeted entities [53943].
Objective (Malicious/Non-malicious) | malicious | (a) The objective of the software failure incident was malicious. Ian Sullivan, a jobless hacker, flooded the servers of councils, police forces, the Tory party, airlines, and other major organizations with fake traffic for weeks, causing 'significant' financial harm [53943]. Sullivan admitted to carrying out distributed-denial-of-service (DDoS) attacks and targeted adoption websites, leaving thousands of parents unable to access vital information. He also accessed the dark web out of 'curiosity' and used professional 'stressing' tools to carry out his cyber attacks [53943]. (b) There is no information in the articles indicating that the software failure incident was non-malicious.
Intent (Poor/Accidental Decisions) | poor_decisions | The intent of the software failure incident in Article 53943 was related to poor_decisions. Ian Sullivan, the hacker, deliberately conducted distributed-denial-of-service (DDoS) attacks on various organizations, including children's social care organizations, adoption websites, and other major entities. His actions were fueled by personal grievances, such as his children being taken into care and his own negative experiences in the care system. Sullivan's attacks caused significant disruption and financial harm to the targeted organizations, showcasing a deliberate and calculated effort to cause damage ([53943]).
Capability (Incompetence/Accidental) | accidental | (a) The software failure incident in this case was not due to development incompetence but rather intentional malicious actions by the individual, Ian Sullivan. He carried out distributed-denial-of-service (DDoS) attacks on various organizations, including councils, police forces, political parties, and airlines, causing significant financial harm [53943]. (b) The software failure incident was accidental in the sense that the attacks were not caused by unintentional errors or faults in the software itself, but rather by deliberate actions of Ian Sullivan, who flooded the servers with fake traffic as part of his cyber attacks [53943].
Duration | temporary | (a) The software failure incident in this case was not permanent. It was a temporary failure caused by the deliberate actions of the hacker, Ian Sullivan, who flooded the servers of various organizations with fake traffic for weeks [53943]. The attacks occurred between June 7 and July 15, 2013, indicating a specific timeframe for the failure to be active. The attacks were carried out using distributed-denial-of-service (DDoS) techniques, causing disruptions and financial losses to the targeted organizations.
Behaviour | crash, omission, value, other | (a) crash: The software failure incident in this case involved crashing the websites of major organizations by flooding their servers with fake traffic for weeks, causing 'significant' financial harm [53943]. (b) omission: The individual behind the software failure incident deliberately targeted adoption websites, leaving thousands of parents unable to access vital information, indicating an omission in the system's intended functions [53943]. (c) timing: There is no specific mention of timing-related failures in the articles provided. (d) value: The software failure incident involved the system performing its intended functions incorrectly, leading to financial losses for some companies and causing considerable inconvenience and sometimes financial loss [53943]. (e) byzantine: The software failure incident did not exhibit behaviors of a byzantine failure. (f) other: The software failure incident involved the individual self-teaching and conducting research on how to carry out the attacks, using professional 'stressing' tools like 'RageBooter' to carry out distributed-denial-of-service (DDoS) attacks, which could be categorized as a sophisticated and intentional attack method not covered by the other options [53943].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property, non-human, theoretical_consequence | (a) unknown (b) harm: The software failure incident caused 'significant' financial harm to some organizations [53943]. (c) unknown (d) property: The software failure incident resulted in financial losses for some companies, costing them thousands of pounds in staffing costs [53943]. (e) unknown (f) non-human: The software failure incident impacted various organizations' servers, including councils, police forces, the Tory party, airlines, adoption websites, and more [53943]. (g) unknown (h) theoretical_consequence: The judge mentioned that computer crime has the potential to cause inconvenience and financial losses, and hackers from their bedrooms can cause great damage to organizations [53943]. (i) unknown
Domain | information, government | (a) The failed system was intended to support the information industry. The hacker, Ian Sullivan, targeted various organizations involved in information dissemination and management, such as councils, police forces, political parties, airlines, adoption websites, and care organizations, disrupting their operations and causing financial harm [53943]. (b) The failed system was not directly related to the transportation industry. (c) The failed system was not directly related to the natural resources industry. (d) The failed system was not directly related to the sales industry. (e) The failed system was not directly related to the construction industry. (f) The failed system was not directly related to the manufacturing industry. (g) The failed system was not directly related to the utilities industry. (h) The failed system was not directly related to the finance industry. (i) The failed system was not directly related to the knowledge industry. (j) The failed system was not directly related to the health industry. (k) The failed system was not directly related to the entertainment industry. (l) The failed system was indirectly related to the government industry as it targeted government sites of countries like Bulgaria and Gabon, as well as organizations like Crimestoppers and Merseyside Police [53943]. (m) The failed system was not directly related to any other specific industry.
