1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • SME CyberShield
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • SME CyberShield
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

11/18/2017

0 Comments

Beware of DDoS-for-Hire

 
DDoS for hire

Beware of DDoS-for-Hire

Distributed-denial-of-service (DDoS) attacks have become a public menace.

DDoS was once a tool used by hactivists to further their social or political ends. In recent years, DDoS has become a toll for purely financial gain and for utter destruction. DDoS-for-hire services, also known as stressers or booters, have grown in recent years.

One DDoS-for-hire organization offers its DDoS service for a monthly fee of $7. A simple online search using the keyword “stressers” or “booters” will yield a number of organizations offering DDoS services for a fee. One DDoS mobile app even showed up on Google Play but this one was immediately pulled out.

Many of these DDoS-for-hire services openly advertise their services on the guise of offering a legitimate DDoS service. The reality is that it’s not illegal to conduct a DDoS attack or stress test on a website, for instance, to test the capacity of the site to receive high volume of traffic or to test how to deflect unwanted volume of traffic. The question of legitimacy comes on whether or not the owner of the website authorizes the stress test.

According to the FBI, the hiring of stresser or booter service to carry out a DDoS attack to take down a website is punishable under the US law called “Computer Fraud and Abuse Act” and this may result in any one or a combination of the following: seizure of computers and other electronic devices, arrest and criminal prosecution, significant prison sentence, penalty or fine.

“Booter and stresser services are a form of DDoS-for-hire – advertised in forum communications and available on Dark Web marketplaces – offering malicious actors the ability to anonymously attack any Internet-connected target,” the FBI said. “These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency.”

What Can a DDoS-for-Hire Service Actually Do?

To understand what a DDoS-for-hire service can actually do, let’s take a look at the Gammel case and the Dyn case.

Gammel Case

The Gammel case is the first Minnesota case to address the DDoS-for-hire cybercrime. In April of this year, in a criminal complaint filed before the US District Court of Minnesota, the Federal Bureau of Investigation (FBI) alleged that Gammel, a former employee of Washburn Computer Group – a Minnesota-based company – paid several DDoS-for-hire services to bring down 3 websites of Washburn in a more than one-year-long DDoS campaign.

According to the FBI, the first 2 websites of Washburn were knocked down several times as a result of the DDoS attacks paid by Gammel. The FBI also alleged that the 3rd website – the one that replaced the 2 other sites of Washburn – was knocked down several times as well a result of the DDoS orchestrated by Gammel. Washburn claimed that the DDoS attacks resulted in a minimum of $15,000 in loss.

In the criminal complaint, the FBI defined DDoS attack as "an attempt to make a machine or network resource unavailable to its intended users, such as by temporarily or indefinitely interrupting or suspending services of a host connected to the Internet, usually by shutting down a website or websites connected to target of the DDoS attack.”

Dyn Case

The DDoS attacks against Dyn – a domain name service (DNS) provider to which many websites rely on – was considered as one of the largest. Because of the DDoS attacks against Dyn, 80 widely used websites like Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix were rendered temporarily inaccessible to the public.

“The [Dyn] attack used a booter service and was attributed to infected Internet of Things (IoT) devices like routers, digital video recorders, and Webcams/security cameras to execute the DDoS attack,” the FBI said.

According to the FBI source, the DNS provider lost approximately 8% of its customers following the DDoS attacks.

How a DDoS Attack Works?

In the Dyn case, the company itself confirmed that the Mirai botnet was the primary source of DDoS attacks although it won't comment about the motivation or the identity of the attackers.

According to Dyn, on October 21, 2016, it observed a high volume of traffic on 2 occasions in its Managed DNS platform in the Asia Pacific, South America, Eastern Europe and US-West regions. The company said that the 2 major DDoS attacks on its Managed DNS platform involved 100,000 compromised IoT devices originating from different parts of the globe that were infected by the Mirai botnet.

The Mirai botnet works by infecting IoT devices with weak security – those that use default usernames and passwords – and turned them into bots or robots that can be ordered around, in this case, to conduct DDoS attacks.

The effects of malicious and unauthorized DDoS attacks are immediate. They render targeted websites inaccessible or slow. As experienced by Washburn and Dyn, DDoS attacks proved to be costly and can cause businesses to lose customers.

Availability of DDoS Tools

The danger of DDoS attacks is the tools for this cybermenace aren’t just available from the DDoS-for-hire services themselves but from public sources. For instance, one can conduct a DDoS attack on his or her own using the Mirai botnet as the source code of this was made available in September of this year to the public by someone who calls himself or herself “Anna-senpai”.

DDoS tools are also evolving. Just days after the online publication of the Mirai source code, a new DDoS tool called “Reaper” emerged. This DDoS tool hasn’t attacked yet as it’s still in the process of infecting vulnerable IoT devices. The stark difference between the 2 DDoS tools is that while the Mirai infected 100,000 IoT devices, the Reaper has infected over half a million IoT devices. This means that this new botnet is much more powerful.

While it’s cheap to hire malicious cyberactors to conduct DDoS attacks, it’s equally affordable to hire professionals to prevent DDoS attacks. Contact us today if your company is currently burdened by this cybermenace or if your organization simply wants to be proactive in stopping DDoS attacks.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2025
    February 2025
    January 2025
    November 2024
    October 2024
    September 2024
    July 2024
    June 2024
    April 2024
    March 2024
    February 2024
    January 2024
    December 2023
    November 2023
    October 2023
    September 2023
    August 2023
    July 2023
    June 2023
    May 2023
    April 2023
    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    AI Security
    Artificial Intelligence
    ATP
    Awareness Training
    Blockchain
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cybercrime
    Cyber Espionage
    Cyber Insurance
    Cyber Security
    Cybersecurity
    Cybersecurity Audit
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    Data Privacy
    DDoS
    Email Security
    Endpoint Protection
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    Incident Management
    Insider Threat
    IoT
    Machine Learning
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third Party Risk
    Third-Party Risk
    VCISO
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
SME CyberShield
​Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2025 Driz Group Inc. All rights reserved.
Photo from GotCredit