Dhiraagu has become the latest high profile victim of Maldivian cyber crime after continued attacks on the company’s servers during the last few days led to disrupted internet services for its customer; a development that police say serves to highlight concerns over attempts to disrupt the internet services and web sites of state institutions in recent months.
Dhiraagu’s Communications Manager Mohamed Mirshan Hassan said that the company had come under continual denial-of-service (DDoS) attacks since Thursday that had impacted its web services in recent days. Although Mirushan claimed that Dhiraagu had been able to mitigate the impact of the attacks and maintain some web service, he said that the company could not guarantee the situation would not happen again after having experienced a number of similar problems with DDoS since 2009.
The Maldives Police Service today said that it has arrested four individuals suspected of involvement with the attacks after conducting special operations last night at addresses both in Male’ and Addu Atoll.
Three of the suspects were confirmed to be under 18 years of age.
According to police, the country has undergone a number of attacks on government and its own websites in recent months, which has led to specially trained officers focusing on trying to prevent criminal activity online.
Police Sub-Inspector Ahmed Shiyam said that it had managed to apprehended a number of suspects through its own cyber crime team in relation to such attacks, which it said were suspected to be the work of local individuals rather than foreign bodies or groups.
“In previous cases [of cyber crime] we have found it is young people and teenagers that have been involved,” he said. “They often do not demand any reward or payment for the crime, but commit them out of their own interest and amusement. The police are working closely with government on this issue and we take it very seriously.”
In terms of prevention, Shiyam claimed that the police were able to track individuals suspected of conducting cyber crimes relatively easily, but suggested that prosecution remained problematic in certain situations.
“It is challenging, because we are treating cyber crime very seriously,” he said. “We are hoping that new regulations will be passed to help prosecute in the future.”
According to Dhiraagu, a DDoS attack commonly refers to overloading a system or server with information preventing it from functioning properly, recently seen with the difficulties in loading certain web sites. Mirashan said these attacks were equivalent to thousands of cars trying to travel all at once down the two way lane of Majeedhee Magu.
“Dhiraagu has been receiving these type of attacks before since August 2009, but this is one of the largest we have experienced, it is very organised” said Mirushan. “We have been working with our counterparts both in the country and overseas around the clock in order to try and minimise the impacts of the attack on our services.”
Mirushan claimed that similar notable DDoS attacks of late had included targets such as credit groups like Master Card and Visa along with other prominent organisations that had been shut down for prolonged periods of time in certain cases, highlighting the magnitude of disruption that can be caused.
“These are quite common attacks on big global networks. However, DDoS is not directly related to issues of online security,” he said. “They relate to huge amounts of data packages being sent to flood a network.”
According to a recent report by the BBC, online attack mechanisms such as DDoS have been adopted by politically motivated hackers or “hacktivists” to pursue vendettas against companies and groups such as those claimed to have opposed the controversial “whistle-blowing” website Wikileaks.