The closure of a major online marketplace for paid distributed denial-of-service attacks appears to have done little to slow down the illegal activity.
In late October, HackForums.net shut down its “Server Stress Testing” section, amid concerns that hackers were peddling DDoS-for-hire services through the site for as little as US$10 a month.
According to security experts, the section was the largest open marketplace for paid DDoS attacks — a notorious hacking technique that can disrupt access to internet services or websites. But since the section’s closure, the attacks remain rampant.
In November, for instance, the number of DDoS attacks saw a slight dip from the month before, said Internet backbone provider Level 3 Communications. But starting in December, the number of DDoS attacks it observed almost doubled.
Richard Clayton, director of the Cambridge Cybercrime Centre in the U.K., said his sensor network hasn’t detected any drop in DDoS attacks.
“There’s no real difference in volume from a few months back,” he said in an email.
The hackers behind these DDoS-for-hire services are probably still attracting clients through Google, either with online advertisements or search engine optimization, said Allison Nixon, a director at security firm Flashpoint.
In addition, plenty more paid DDoS attack tools are available for sale on underground forums. “There’s always been more than one outlet for them,” Nixon said. “So I don’t think there’s going to be any immediate change.”
HackForums.net Hack Forums has removed its Server Stress Testing section.
Although DDoS attacks are illegal, many hackers peddle their services by describing them as “booters” or “stressors,” claiming they’re designed to test a website’s resiliency. These services often appear professionally made, include customer support, but they can also flood a target with an overwhelming amount of traffic, forcing it offline.
For hackers, threatening to take down a victim’s website can be lucrative. “We’ve seen these services used for criminal extortion operations,” said Nixon, who’s been researching the illegal trade since 2012.
Building a DDoS-for-service can also be easy. Often times, the hackers will simply rent six to 12 servers, and use them to push out internet traffic to whatever target, she said.
“It really doesn’t take a lot of know-how,” Nixon said. “One thing we’ve noticed is that a lot of underage people will get themselves involved.”
In December, for example, law enforcement agencies in the U.S. and Europe, arrested 34 suspects involved in DDoS-for-hire services, some of whom were 20 years old or younger.
In September, Israeli authorities also arrested two alleged operators of vDOS, a so-called booter service that managed to rake in more than $618,000 and attract tens of thousands of customers. Both suspects were reportedly 18 years old.
Nixon said she’s hopeful more law enforcement agencies will crack down on this illegal business. The problem has become especially serious, following the emergence of Mirai, a malware that’s designed to launch massive DDoS attacks.
Several internet disruptions, including a large-scale attack in the U.S. back in October, have been blamed on the malware. Making the matters worse is that the Mirai source code is openly available on the internet.
“We may not see a decrease in DDoS attacks, but a lot more law enforcement seems to be paying attention to this,” Nixon said.