Topic Bank: How the attack happened

The successive hacker attacks that have occurred in the last 48 hours on its website have caused problems Subject Bank, which caused the immediate intervention of the prosecutor of the Supreme Court, Isidoros Dogiakou.

According to a joint announcement by the Ministries of Digital Governance and Education, it is estimated that in just one hour on Tuesday, 165 million "hits" were recorded from 114 countries, while they assure that the Pan-Hellenic Examinations will be held normally and with absolute security and that "no student of the XNUMXrd Lyceum will be excluded from the process of the Pan-Hellenic Examinations, due to the malicious attacks".

But what are the DDoS attacks that electronics received? of the Subject Bank? How easy or difficult is it for a sophisticated hacker to pull them off? How much do these cyberattacks cost and what should public bodies do to protect themselves from them?

Liberal.gr talked about this issue, with Anastasia Vasiliadis, Cybersecurity expert, looking for answers to these questions.

As An. Vasiliadis explains,

"The DDoS or else distributed denial-of-service is a type of attack that targets the server and not him in order to overload it with connections. DDoS attacks are successful when coordinated by botnets, making their power much greater.”

"In simple words, the attacker sends files or data of a very small capacity, just a few bytes, in a massive way, with the aim of overloading the website - the goal is to eventually crash it. The issue is that the website will go down, since it does not have any anti-Ddos system or any kind of security and also if it does not have a very strong bandwidth, i.e. if it has not paid a strong server, it can "raise" a certain volume of data and from there it drops," he emphasizes.

How a DdoS attack starts

hacker

Estimating that this is a classic hacker tactic, An. Vassiliadis points out that "in essence, the astute ones created fictitious (remote?) , as a result of which the network to which the Subject Bank is a part collapses."

"For example, when some hackers want to see on which server a website is located and if it has Cloudflare, they do a DdoS attack, to crash Cloudflare and see the real IP address of the website. That is, the hackers have a paid server called a "stresser", which can pick up a very large amount of data and with one command through its terminal, manages and "drops" these sending millions or even billions of "packets" of data. They send such a large amount of data to a server, which either has e.g. only the Topic Bank or – worse – it also hosts other websites, it crashes”.

How much does such an attack cost a hacker

Anastasis Vasiliadis estimates that the cost of such an attack is very small for a sophisticated hacker, reaching 25 euros per month.

“There are services / programs which are provided free of charge and with the subscription of a "stresser" as a "package" their cost does not exceed 25 euros on a monthly basis", he notes characteristically.

How websites are protected from DdoS attacks

As A. Vassiliadis explains, there are specific ways of dealing with such cyberattacks and as he typically says "prevention plays a catalytic role in all of this".

"First of all, the first thing that everyone has to do of a website is to obtain a program (script) called "anti-DdoS filter". This program prevents such attacks by eliminating them completely. Such a program "cuts" such hacker attacks in seconds, preventing any attempt to cause chaos."

At the same time, he emphasizes that it is important for each network manager to carry out stress tests at regular intervals, in order to test the endurance and above all the level of the networks under their supervision.

Dogiakou's prosecutorial intervention regarding the cyber attack on Theme Bank

In the meantime, the Prosecutor of the Supreme Court, Isidoros Dogiakos, forwarded his order to the Head of the Athens First Instance Prosecutor's Office, Antonis Eleftherianos, while according to the order, in order to identify the perpetrators, the competent authorities can even proceed with confiscation of findings and other evidence which can lead to the identification of faults.

The investigations of the Electronic Crime Prosecution Directorate are in full progress. Experienced police officers gather evidence, while findings may be confiscated, so that EL.AS. to identify and arrest the perpetrators.

The problems were identified very strongly in the schools of Corfu, Thesprotia and Ilia, as well as in Keratsini, in Attica.

G.G. Secondary for Subject Bank: "Attack of titans on education"

Alexandros Koptsis, who is the Secretary General of Primary and Secondary Education of the Ministry, spoke to ERT about the problems recorded on Monday and Tuesday with the Subject Bank due to cyber attacks on the entire network of EDYTE (National Network of Technology and Research Infrastructures). Education.

"This is an attack on education. I feel deeply hurt by the actions of some who are plotting such difficult and anxious times for our students.

I call it in full knowledge an immoral attack. I say this because the system was working normally since Tuesday when the promotion and graduation exams started. And yesterday morning we received a megaton attack. Think there was no access to the system or systemic.

There was a flow of accessibility, that is, a wall was erected against the topic bank with 280.000 virtual, fake connections per second. This went on for hours," emphasized Mr. Koptsis.

He also added:

"Because we had security measures and we had a constant communication with the Ministry of Education very quickly, in an incredible time, we remedied the issue and these attacks continued for hours afterwards. I must tell you that we were at least every quarter with all our executives in constant communication and guiding them. And it is no coincidence that the state worked flawlessly because 90% of the students passed these exams."

Regarding today's new attack, he emphasized that "while we were on the subject all night and our technicians without a moment of sleep and nothing had been done, we had a bigger attack. It will not pass them. The state is here and will support our students. It will not pass them. I say it in capital letters.

There was an attack not only on the system yesterday, but on all collateral systems, even the WiFi on the Panhellenic School Network with the aim of preventing teachers from logging in. This moment was restored. Probably many schools entered."

Mr. Koptsis explained that over 1.000 schools are already in now and getting issues, but a few may have some delays. "We are satisfied with the flow. At the moment the children will be taking these tests and I have to say that we are within time frames. What we had decided was that the exams would end today, regardless of whether some schools ended earlier, and the results would be released tomorrow. ».

As for the 15st and XNUMXnd Lyceum schools, which failed to take the exams yesterday, he explained that the deadline is until June XNUMX to take the exams. "There is the prescribed margin and each school arranges the date on which these A' and B' high school exams will be held."

Regarding the Panhellenic exams, he said that today, Tuesday, the exams of all the students of the XNUMXrd Lyceum will be completed, so the children will go to the EPAL exams on Thursday and the GEL exams on Friday without the slightest problem. They will start normally, despite the incredible unprecedented attack they received.

He appeared reassuring about the possibility of a similar attack against the Panhellenic women and noted: "We are taking our measures. I can't say anything more. The students will be safe, rest assured."

Source: liberal.gr

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
Theme Bank

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).