DDoS-for-hire services thrive despite closure of major marketplace

HackForums.net has shut down its Server Stress Testing section, which was accused of selling DDoS-for-hire services.

The closure of a major online marketplace for paid distributed denial-of-service attacks appears to have done little to slow down the illegal activity.

In late October, HackForums.net shut down its "Server Stress Testing" section, amid concerns that hackers were peddling DDoS-for-hire services through the site for as little as US$10 a month.

According to security experts, the section was the largest open marketplace for paid DDoS attacks -- a notorious hacking technique that can disrupt access to internet services or websites. But since the section's closure, the attacks remain rampant.

In November, for instance, the number of DDoS attacks saw a slight dip from the month before, said Internet backbone provider Level 3 Communications. But starting in December, the number of DDoS attacks it observed almost doubled.

Richard Clayton, director of the Cambridge Cybercrime Centre in the U.K., said his sensor network hasn't detected any drop in DDoS attacks.

"There's no real difference in volume from a few months back," he said in an email.

The hackers behind these DDoS-for-hire services are probably still attracting clients through Google, either with online advertisements or search engine optimization, said Allison Nixon, a director at security firm Flashpoint.

In addition, plenty more paid DDoS attack tools are available for sale on underground forums. "There’s always been more than one outlet for them," Nixon said. "So I don’t think there’s going to be any immediate change."

hackforum2 HackForums.net

Hack Forums has removed its Server Stress Testing section.

Although DDoS attacks are illegal, many hackers peddle their services by describing them as "booters" or "stressors," claiming they’re designed to test a website's resiliency. These services often appear professionally made, include customer support, but they can also flood a target with an overwhelming amount of traffic, forcing it offline.

For hackers, threatening to take down a victim’s website can be lucrative. "We've seen these services used for criminal extortion operations," said Nixon, who's been researching the illegal trade since 2012.

Building a DDoS-for-service can also be easy. Often times, the hackers will simply rent six to 12 servers, and use them to push out internet traffic to whatever target, she said.

"It really doesn’t take a lot of know-how," Nixon said. "One thing we've noticed is that a lot of underage people will get themselves involved."

In December, for example, law enforcement agencies in the U.S. and Europe, arrested 34 suspects involved in DDoS-for-hire services, some of whom were 20 years old or younger.

In September, Israeli authorities also arrested two alleged operators of vDOS, a so-called booter service that managed to rake in more than $618,000 and attract tens of thousands of customers. Both suspects were reportedly 18 years old.

Nixon said she's hopeful more law enforcement agencies will crack down on this illegal business. The problem has become especially serious, following the emergence of Mirai, a malware that’s designed to launch massive DDoS attacks.

Several internet disruptions, including a large-scale attack in the U.S. back in October, have been blamed on the malware. Making the matters worse is that the Mirai source code is openly available on the internet.

"We may not see a decrease in DDoS attacks, but a lot more law enforcement seems to be paying attention to this," Nixon said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?