Kids young as 10 in Fortnite hack scam
ONLINE gamers as young as 10 are seeking revenge on their opponents by crippling their computers with sophisticated malware capable of penetrating government, military and business computer networks.
An international police sting on the world's biggest malicious software marketplace has uncovered dozens of cyber attackers in Australia, and over the past few months NSW detectives have been scrambling to track down each and every user.
They feared a major cyber attack was imminent.
But what they found was dozens of children, who had downloaded the malware - in some cases buying it with a parent's credit card - to inflict revenge on opponents in the online gaming world who'd beat them.
While most of the users, aged between 10 and 31 who police have spoken to were blissfully unaware of how risky the malware was, one Sydney teen allegedly used it to try to hack into his high school's computer system.
Detectives have identified 41 people in NSW who used the malware and are in the process of personally visiting all of them.
They have issued a stern warning for parents to keep a closer eye on their children's online activity, saying the consequences could have been much worse if the malware fell into the wrong hands.
"We were lucky that the use of this software in Australia was mostly used by kids trying to upset an online gaming opponent," State Crime Command acting Assistant Commissioner Stuart Smith said.
"It's equally feasible that in the wrong hands - and with co-ordinated intent - it could've been used to attack systems with sensitive or protected information, such as banking, government, or even military."
The UK's National Crime Authority last year tipped off Dutch police about a server linked to webstresser.org - the world's most popular source of distributed denial of service (DDoS) attacks - based in the Netherlands.
DDoS malware attacks allow a user to infiltrate another computer system or website and slow it down to the point were it can't be used, or throw the victim offline completely.
It is commonly used in the online gaming world as a form of payback to an opponent.
In NSW, police found gamers were purchasing the malware and attacking winning opponents as a form of revenge while playing the incredibly popular shooter game, Fortnite.
In April 2018, Operation Power Off shut down webstresser.org and arrested the site's administrators in Canada, Serbia, Croatia and the UK.
Law enforcement found more than 150,000 people had registered to use the malware and carried out more than 6 million cyber attacks, including targeting police forces, government institutions and banks.
The IP addresses based in Australia were sent to the Australian Federal Police, which identified most of the cyber attackers were living in NSW.
Since September, the NSW Cybercrime Squad has been tracking down the people behind the IP addresses.
They found a majority were teens, including many who lived at home with their parents and had no idea infiltrating a system through DDoS was a criminal offence.
In one case, a 14-year-old boy from Tamworth used the malware to carry out 483 DDoS attacks against other gamers in one month.
A convicted child sex offender was also identified as one of the users. His home in the Southern Highlands was raided and he was charged with unauthorised impairment of electronic communication.
So far, detectives have issued eight cautions to juveniles under the Youth Offenders Act, executed four search warrants and spoken to 25 people who were registered users of the malicious software.
"Technology-enabled and cybercrimes are not the future - they are the here and now," Mr Smith said.
"So we need to keep our finger on the pulse and quickly identify, navigate, and overcome challenges."