Topic Bank: How the attack happened

An expert explains

The successive hacker attacks that have occurred in the last 48 hours on its website have caused problems Subject Bank, which caused the immediate intervention of the prosecutor of the Supreme Court, Isidoros Dogiakou.

According to a joint announcement by the Ministries of Digital Governance and Education, it is estimated that in just one hour on Tuesday, 165 million "hits" were recorded from 114 countries, while they assure that the Pan-Hellenic Examinations will be held normally and with absolute security and that "no student of the XNUMXrd Lyceum will be excluded from the process of the Pan-Hellenic Examinations, due to the malicious attacks".

But what are the DDoS attacks that the Subject Bank's electronic platform received? How easy or difficult is it for a sophisticated hacker to pull them off? How much do these cyberattacks cost and what should public bodies do to protect themselves from them? talked about this issue, with Anastasia Vasiliadis, Cybersecurity expert, looking for answers to these questions.

As An. Vasiliadis explains,

"The DDoS or else distributed denial-of-service is a type of attack that targets him and not the computer in order to overload it with connections. DDoS attacks are successful when coordinated by botnets, making their power much greater.”

"In simple words, the attacker sends files or data of a very small capacity, just a few bytes, in a massive way, with the aim of overloading the website - the goal is to eventually crash it. The issue is that the website will go down, since it does not have any anti-Ddos system or any kind of security and also if it does not have a very strong bandwidth, i.e. if it has not paid a strong server, it can "raise" a certain volume of data and from there it drops," he emphasizes.

How a DdoS attack starts


Estimating that this is a classic hacker tactic, An. Vassiliadis points out that "in essence, the astute people created fictitious (remote?) users, as a result of which the network to which the Topic Bank is a part collapses."

"For example, when some hackers want to see which server a website is on and if it has Cloudflare protection, they do a DDoS attack, to bring down Cloudflare and see the real website address. That is, the hackers have a paid server called a "stresser", which can pick up a very large amount of data and with one command through its terminal, manages and "throws" these websites by sending millions or even billions of "packets" data. They send such a large amount of data to a server, which either has e.g. only the Topic Bank or – worse – it also hosts other websites, it crashes”.

How much does such an attack cost a hacker

Anastasis Vasiliadis estimates that the cost of such an attack is very small for a sophisticated hacker, reaching 25 euros per month.

"There are services / hacking programs that are provided for free and with the subscription of a "stresser" as a "package" their cost does not exceed 25 euros on a monthly basis", he notes characteristically.

How websites are protected from DdoS attacks

As A. Vassiliadis explains, there are specific ways of dealing with such cyberattacks and as he typically says "prevention plays a catalytic role in all of this".

"First of all, the first thing that every website administrator must do is to get a program (script) called "anti-DdoS filter". This program prevents such attacks by eliminating them completely. Such a program "cuts" such hacker attacks in seconds, preventing any attempt to cause chaos."

Παράλληλα, τονίζει ότι είναι σημαντικό οι εκάστοτε διαχειριστές δικτύων να πραγματοποιούν ανά τακτά χρονικά διαστήματα test, ώστε να δοκιμάζουν τις αντοχές και κυρίως το επίπεδο ασφαλείας των δικτύων που έχουν υπό την εποπτεία τους.

Dogiakou's prosecutorial intervention regarding the cyber attack on Theme Bank

In the meantime, the Prosecutor of the Supreme Court, Isidoros Dogiakos, forwarded his order to the Head of the Athens First Instance Prosecutor's Office, Antonis Eleftherianos, while according to the order, in order to identify the perpetrators, the competent authorities can even proceed with confiscation of findings and other evidence which can lead to the identification of faults.

The investigations of the Electronic Crime Prosecution Directorate are in full progress. Experienced police officers gather evidence, while findings may be confiscated, so that EL.AS. to identify and arrest the perpetrators.

The problems were identified very strongly in the schools of Corfu, Thesprotia and Ilia, as well as in Keratsini, in Attica.

G.G. Secondary for Subject Bank: "Attack of titans on education"

Alexandros Koptsis, who is the General Secretary of Primary and Secondary Education of of Education.

"This is an attack on education. I feel deeply hurt by the actions of some who are plotting such difficult and anxious times for our students.

I call it in full knowledge an immoral attack. I say this because the system was working normally since Tuesday when the promotion and graduation exams started. And yesterday morning we received a megaton attack. Think there was no access to the system or even a system breach.

There was a flow of accessibility, that is, a wall was erected against the topic bank with 280.000 virtual, fake connections per second. This went on for hours," emphasized Mr. Koptsis.

He also added:

"Because we had security measures and we had a constant communication with the Ministry of Education very quickly, in an incredible time, we remedied the issue and these attacks continued for hours afterwards. I must tell you that we were at least every quarter with all our executives in constant communication and guiding them. And it is no coincidence that the state worked flawlessly because 90% of the students passed these exams."

Regarding today's new attack, he emphasized that "while we were on the subject all night and our technicians without a moment of sleep and nothing had been done, we had a bigger attack. It will not pass them. The state is here and will support our students. It will not pass them. I say it in capital letters.

There was an attack not only on the system yesterday, but on all collateral systems, even the WiFi on the Panhellenic School Network with the aim of preventing teachers from logging in. This moment was restored. Probably many schools entered."

Mr. Koptsis explained that over 1.000 schools are already in now and getting issues, but a few may have some delays. "We are satisfied with the flow. At the moment the children will be taking these tests and I have to say that we are within time frames. What we had decided was that today the exams end, regardless of whether some schools ended earlier, and tomorrow the results come out."

As for the 15st and XNUMXnd Lyceum schools, which failed to take the exams yesterday, he explained that the deadline is until June XNUMX to take the exams. "There is the prescribed margin and each school arranges the date on which these A' and B' high school exams will be held."

Regarding the Panhellenic exams, he said that today, Tuesday, the exams of all the students of the XNUMXrd Lyceum will be completed, so the children will go to the EPAL exams on Thursday and the GEL exams on Friday without the slightest problem. They will start normally, despite the incredible unprecedented attack they received.

He appeared reassuring about the possibility of a similar attack against the Panhellenic women and noted: "We are taking our measures. I can't say anything more. The students will be safe, rest assured."

Source: The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new by email.

Theme Bank

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).