01
Aug 11

Digital Hit Men for Hire


Cyber attacks designed to knock Web sites off line happen every day, yet shopping for a virtual hit man to launch one of these assaults has traditionally been a dicey affair. That’s starting to change: Hackers are openly competing to offer services that can take out a rival online business or settle a score.

An ad for a DDoS attack service.

There are dozens of underground forums where members advertise their ability to execute debilitating “distributed denial-of-service” or DDoS attacks for a price. DDoS attack services tend to charge the same prices, and the average rate for taking a Web site offline is surprisingly affordable: about $5 to $10 per hour; $40 to $50 per day; $350-$400 a week; and upwards of $1,200 per month.

Of course, it pays to read the fine print before you enter into any contract. Most DDoS services charge varying rates depending on the complexity of the target’s infrastructure, and how much lead time the attack service is given to size up the mark. Still, buying in bulk always helps: One service advertised on several fraud forums offered discounts for regular and wholesale customers.

The unwitting conscripts in these cyber armies are hacked PCs that the service owners remotely control via malicious software. Some DDoS services disclose how many bots they have corralled into their armies. One service claims: “Average in-line bots from 1,500 to 5,000 bots, enough to work on challenging projects with an anti-DDoS protection, and protection type CISCO ™ GUARD.”

A DDoS gang that has been in operation for at least three years sells a do-it-yourself DDoS kit that it markets as an easy way to build your own bot army. The Darkness DDoS army creation package includes a bot builder and a Web-based administration panel that is used to remotely monitor and control the bots.

According to the Darkness creators, the bot (reportedly in its ninth major revision) is continuously being updated by testers and coders. They claim it can configure infected machines for use in four types of DDoS attacks at a moment’s notice, and steal passwords stored by a variety of Web browsers and Windows programs.

“Our bot has almost no load on the system, allowing it to remain invisible for very long,” the Darkness team boasts in its ads. “Bot is lightweight and gets along well in the system.”

How many infected PCs or bots does one need to incapacitate an intended target? The individuals pimping the Darkness DDoS botnet creation package provide a handy reference.

From their ad (translated from Russian):

• 15-30 bots (!!!) knock off line a relatively small site.

• 250-280 bots – the average site.

• 750-800 bots – a large site.

• 2,000-2,500 bots – great site with Anti-DDoS protection

• 4,300-4,700 bots – a cluster of sites, even when using the Anti-DDoS protection, blocking, etc.

• 15-20 thousand bots – take offline virtually any site with any protection.

Anyone interested in a technical analysis of the software that powers these DDoS services should take a look at research from Shadowserver.org, Arbor Networks and Dell SecureWorks.


6 comments

  1. Since the AV companies write Malware, perhaps the CDN providers are selling DDOS botnets….

  2. Seems logical. Follow the money. If there’s money to be made by doing some activity someone will do it, no matter how annoying the results of that activity are. It is, unfortunately, human nature that there’s always someone in the far reaches of the normal distribution ready and willing to do anything.

    BTW: does this rule have a number, like Rule 34? It will be so much easier to refer to it if it has. :-)

  3. Robert P.Burke

    One way you might check to see if you have been re-routed by the underworld to the internet is to check with the banner ads for animation ability. The entry is via Ad executive accounts.

    They might see you also.

  4. No matter where you go, there will be people playing nasty. It’s not about technology; it’s about human nature. If you depend on your website for your income, and you are in a highly competitive and concentrated niche, you had better be prepared for this.

  5. So if 15-20 thousand bots – take offline virtually any site with any protection can include Google or another giant site