News from the Michigan Cyber Command:

The Michigan Cyber Command Center (MC3) has seen an increase in distributed denial of service (DDoS) attacks against school districts being perpetrated by students. The reasons behind these attacks have ranged from boredom to not wanting to take a test or do homework. A variety of tools have been used for the DDoS attacks including free and paid services. While some of these tools are malicious in nature, many legitimate services have been repurposed and used for malicious intent.

The MC3 has had multiple cases in which students have utilized online stressors. These sites are designed to test networks against a real attack and are used for penetration testing purposes. In many incidents, students utilized the service’s free trial feature. However, we have seen an instance where payment was made for the service.

In a recent incident, a student communicated with others overseas to learn about DDoS tools and techniques so that they could take down their school network. Specifically, they were looking to take down the network on days where they had to bring their own devices to complete homework during school. To do this, they misused an online stressor service. Their attacks were successful in taking down the school’s network. However, they unintentionally took down additional organizations as well. When asked about why they DDoSed the school, the student told investigators they thought it would be fun, were bored, and didn’t want to do their homework.

The previous example is one of many the MC3 has seen over the last year. To help protect against DDoS attacks, the following options should be considered.

  • Have a plan for how to deal with this type of attack.
  • Keep in contact with your Internet Service Provider (ISP) and know who to talk with should a DDoS attack occur.
  • Research and identify companies which can provide mitigation assistance during these types of attacks. If possible, have an agreement in place so that if an incident occurs, the company can provide immediate assistance.
  • Have an acceptable use policy in place for all of the organization’s equipment and applications. Additionally, the organization should have acceptable use policies for devices coming onto the network and into facilities.
  • Have appropriate logging in place and store logs for as long as possible.

MC3 personnel will continue to monitor the situation and will notify as necessary. Any additional questions or concerns can be sent to