DDoS as a service: the monetisation of hacking

Polish airline LOT is the latest victim of a Distributed Denial of Service attack that wreaked havoc on the company for a total of five hours on 21 June — disabling flight plans, grounding dozens of planes, and delaying 1,400 passengers at Warsaw Chopin Airport.

While not everyone is in charge of an airline, DDoS attacks can still severely damage your business. If your business is web-based, a malicious group can effectively close your doors: customers cannot reach your website, your reputation suffers, and a prolonged outage can hurt your Google rank.

A DDoS attack overloads a server, or the network link in front of it, with more traffic or connections than it can handle, typically from a botnet. A botnet is created when a single attacker uses malware to infect other computers and take remote control of them. One computer can send only so many requests at a time, but thousands of them acting together multiply that volume until the server can no longer respond to legitimate users.

Hacktivist group Anonymous carried out one of the most infamous DDoS attacks against PayPal in December 2010, in retaliation for the company's blockade of payments to WikiLeaks. The hacking community described it as a digital boycott or sit-in, while the US government aggressively prosecuted 14 people in relation to the attack, who came to be known as the PayPal 14.

The government was so aggressive in this high-profile case because of how easy it is for the general public to carry out such attacks. Someone who disagrees with an organisation and sees an attack being organised on social media can download the tool and join what amounts to a voluntary botnet with the push of a button. The flip side is that such tools make no attempt to hide the participant's own IP address, so those who join are easy to identify from the victim's logs.

Not only are these attacks easy to pull off, but people are also beginning to make money by offering DDoS as a service.

Available DDoS tools

There is a slew of tools available online for script kiddies to carry out DDoS attacks with little difficulty, many of them sold under the guise of testing the stability of a website. Some, like the Low Orbit Ion Cannon used by Anonymous, are simple volumetric floods: they open connections and send TCP, UDP or HTTP requests as fast as the host machine and its connection allow. Imagine Walmart on Black Friday, with huge crowds blocking all entrances and more people pushing against those crowds.

Other DDoS programs use a more subtle approach and need far less bandwidth. Slowloris and RUDY (R-U-Dead-Yet) do not rely on volume at all: Slowloris opens many connections and sends HTTP headers a few bytes at a time, never completing the request, so a server that dedicates one worker to each connection (the classic Apache configuration) runs out of workers for real visitors; RUDY does the same with a POST body that trickles in slowly. SYN-flood tools such as SynGUI send a stream of TCP SYN packets and never finish the handshake, filling the server's table of half-open connections. These programs are effective in the hands of much smaller groups, and because SYN floods can forge the source address of every packet, the machines behind them are harder to locate.

For-hire DDoS services

In the years since the PayPal 14 brought the media spotlight to DDoS programs, an underground economy has developed, with DDoS-for-hire services becoming widespread. The operators of these services, known as booter (or "stresser") services, often earn thousands of dollars every month.

Researchers presenting at a USENIX workshop in 2013 analysed the public leak of the operational databases of a booter called TwBooter, which revealed that the service earned more than US$7 500 per month and launched more than 48 000 DDoS attacks in less than two months.

The proliferation of these types of services points to a disturbing trend. DDoS is no longer just a tool of protest by hacktivists but is now being used as a weapon by organizations against competitors. Think of the situation this can create — a toy company that wants to boost sales at the expense of a competitor could hire a group to take down its competitor’s website leading up to Christmas.

Laws against such attacks are stiff and can carry dire consequences, including prison time for both the attacker and the person who hired the attacker; in most jurisdictions DDoS is a straightforward computer-misuse crime (the Computer Fraud and Abuse Act in the US, the Computer Misuse Act in the UK). In practice, however, the booter sits between the customer and the victim, payments are often anonymous and the attacking traffic may carry forged addresses, so the person who ordered the attack frequently faces no consequences at all.

Protections against DDoS

Business continuity plans should treat DDoS as a risk comparable to any other network outage or act of God. Regular site backups should be automated on a weekly basis at a minimum (safer still, with every update), but keep in mind that a flood does not destroy data: what brings a site back is spare capacity and a rehearsed response. Hosting a site on several servers, ideally in more than one location, makes it easier to absorb an attack and bring the site back online after an outage.

Most ISPs provide traffic filtering that can identify and drop the most obvious DDoS attacks, such as large floods and malformed or spoofed packets. Contact your ISP to see how it can work with you to protect against DDoS, and agree in advance on how to reach its network operations team while an attack is under way.
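The tools described above leave different fingerprints in a server's connection table, and that difference decides which kind of filtering works: per-source limits catch HTTP floods and Slowloris (which must complete the TCP handshake and therefore cannot hide their address), while a SYN flood with forged sources only shows up when you look at the table as a whole. The following is an added example, not code from the article or from any of the tools it names; the record layout, the thresholds and the snapshot itself are constructed for illustration, using addresses from the RFC 5737 and RFC 2544 test ranges.

```python
"""Tell three DDoS patterns apart in a connection-table snapshot.

Added example, not code from the article or from any tool it names.
The record layout, thresholds and the snapshot are constructed for
illustration; addresses are from the RFC 5737 / RFC 2544 test ranges.
"""
from collections import Counter

# One row per open connection in a server-side snapshot covering one second:
# (source IP, TCP state, full HTTP request received?, connection age in s).
SNAPSHOT = []

# LOIC-style HTTP flood: a single source completing 40 requests in the second.
SNAPSHOT += [("203.0.113.7", "ESTABLISHED", True, 0.1)] * 40

# Slowloris-style: one source holding 30 connections that have sent only
# partial headers for 25 s, tying up 30 worker slots.
SNAPSHOT += [("198.51.100.9", "ESTABLISHED", False, 25.0)] * 30

# SYN flood: 200 half-open connections, each from a different forged source,
# so no single address stands out.
SNAPSHOT += [(f"192.0.2.{i}", "SYN_RECV", False, 1.0) for i in range(200)]

# Legitimate users: a handful of sources, one quick complete request each.
SNAPSHOT += [(f"198.18.0.{i}", "ESTABLISHED", True, 0.2) for i in range(1, 6)]

HTTP_FLOOD_RPS = 20       # complete requests per second from one source
SLOW_CONNS = 10           # stalled connections held open by one source
HEADER_TIMEOUT_S = 20.0   # assumed header read timeout (cf. Apache mod_reqtimeout)
HALF_OPEN_RATIO = 0.5     # share of SYN_RECV rows in the whole table


def per_source_labels(snapshot):
    """Label sources whose own behaviour gives them away.

    Only meaningful for attacks that complete the TCP handshake: an HTTP
    flood or Slowloris cannot forge its source address.
    """
    complete, stalled = Counter(), Counter()
    for src, state, done, age in snapshot:
        if state != "ESTABLISHED":
            continue
        if done:
            complete[src] += 1
        elif age > HEADER_TIMEOUT_S:
            stalled[src] += 1
    labels = {src: "http_flood" for src, n in complete.items() if n >= HTTP_FLOOD_RPS}
    labels.update({src: "slowloris" for src, n in stalled.items() if n >= SLOW_CONNS})
    return labels


def syn_flood_report(snapshot):
    """Judge a SYN flood from the table as a whole, not per source.

    Forged source addresses defeat per-source counting, so the signal is a
    large share of half-open connections spread over many distinct sources.
    """
    half_open = [src for src, state, _, _ in snapshot if state == "SYN_RECV"]
    total = len(snapshot)
    ratio = len(half_open) / total if total else 0.0
    return {
        "half_open": len(half_open),
        "distinct_sources": len(set(half_open)),
        "ratio": ratio,
        "flagged": ratio >= HALF_OPEN_RATIO,
    }


def stalled_connections(snapshot, timeout_s=HEADER_TIMEOUT_S):
    """Connections a header read timeout would close, freeing worker slots
    for legitimate requests: the standard Slowloris mitigation."""
    return [row for row in snapshot
            if row[1] == "ESTABLISHED" and not row[2] and row[3] > timeout_s]


if __name__ == "__main__":
    print(per_source_labels(SNAPSHOT))
    print(syn_flood_report(SNAPSHOT))
    print(len(stalled_connections(SNAPSHOT)), "connections would be reaped")
```

Run against the constructed snapshot, the per-source pass names the flooding and the Slowloris source but says nothing about the SYN flood, which is only visible as 200 half-open connections from 200 different addresses; that is why SYN-flood defence (SYN cookies, upstream filtering) lives in the kernel and at the ISP rather than in per-client rate limits.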

If the ISP isn't doing enough, you should consider a cloud-based protection service such as CloudFlare to mitigate an attack. It may be necessary to hire a third-party company that can either install special filtering equipment within the company's IT infrastructure or reroute junk traffic through a scrubbing centre that filters out the attack before forwarding clean traffic. One caveat with any proxy-style service: it only helps if the origin server's real address is kept out of public DNS and accepts web traffic only from the provider's networks, otherwise an attacker who finds the address can flood the origin directly and bypass the protection entirely.
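A quick way to check the caveat above before relying on a proxying service is to scan your own DNS zone for any A or AAAA record that points somewhere other than the provider's ranges. This is an added example, not code from the article or from any provider; the proxy ranges and the zone records are constructed from RFC 5737 and RFC 3849 documentation addresses, and the origin address is an assumption.

```python
"""Find DNS records that expose an origin server behind a DDoS-mitigation proxy.

Added example; the proxy ranges and the zone below are constructed from
documentation address space (RFC 5737 / RFC 3849), not real provider data.
"""
import ipaddress

# Assumed: address ranges announced by the mitigation provider (hypothetical).
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:1::/48")]

# Constructed zone export for example.com. The origin server is assumed to be
# 198.51.100.20 and should be reachable only through the proxy.
ZONE = [
    ("example.com.",        "A",     "203.0.113.10"),          # proxied: fine
    ("www.example.com.",    "A",     "203.0.113.10"),
    ("example.com.",        "AAAA",  "2001:db8:1::10"),
    ("mail.example.com.",   "A",     "198.51.100.20"),         # leaks the origin
    ("ftp.example.com.",    "CNAME", "origin.example.com."),
    ("origin.example.com.", "A",     "198.51.100.20"),         # leaks the origin
    ("example.com.",        "MX",    "10 mail.example.com."),
]


def behind_proxy(addr, proxy_ranges=PROXY_RANGES):
    """True if addr belongs to one of the provider's ranges.

    The same test belongs in the origin's firewall: accept HTTP(S) only from
    these ranges so a flood aimed straight at the origin is dropped.
    """
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in proxy_ranges)


def exposed_records(zone, proxy_ranges=PROXY_RANGES):
    """(name, address) for every A/AAAA record pointing outside the proxy.

    Names like mail, ftp, origin or a forgotten old host are exactly what an
    attacker looks up to bypass the scrubbing layer.
    """
    return [(name, value) for name, rtype, value in zone
            if rtype in ("A", "AAAA") and not behind_proxy(value, proxy_ranges)]


def leaked_origins(zone, proxy_ranges=PROXY_RANGES):
    """Distinct addresses an attacker could hit directly."""
    return sorted({addr for _, addr in exposed_records(zone, proxy_ranges)})


if __name__ == "__main__":
    for name, addr in exposed_records(ZONE):
        print(f"{name:<24} -> {addr} is NOT behind the proxy")
    print("origin addresses exposed:", leaked_origins(ZONE))
```

In the constructed zone the `mail` and `origin` hosts give the game away. Mail usually cannot be proxied, so the practical fix is to put it on an address that does not share a server with the website, and to firewall the real origin so it accepts web traffic only from the ranges `behind_proxy` recognises.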

These services can be expensive, as they require IT specialists to keep them updated against the latest attack methods, so a cost analysis should compare the cost of maintaining the service with the losses from website downtime, including the loss of valuable organic search traffic.

DDoS is more than just a buzzword; it's one of the most common attacks occurring today. Not every DDoS attack makes headlines like those against PayPal and LOT, but that doesn't mean they aren't happening daily. Most companies simply don't want the stigma that comes with media attention.

The simplicity of carrying out DDoS, along with the difficulty in tracing attackers, makes it a preferred weapon in any hacker’s arsenal. Is your company safe from DDoS attacks?
