The worldwide – and illegal – cyberattack-for-hire business flourishes. Got a grievance against a retailer? A former spouse bugging you?
Plenty of online thugs will take astonishingly small sums of money and launch a cyberattack on your behalf.
The hackers-for-hire flood a website with malicious traffic and knock it offline.
Fed up with such malignant attacks, law enforcement officials in 12 countries, including the United States, last week seized servers and arrested four top administrators of webstresser.org, crippling what is believed to be the most successful of the cyberattack-for-hire platforms.
Clients of the platform were targeted in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.
More than 136,000 people had signed up for webstresser.org’s attack services, and the online platform’s hackers launched more than four million distributed denial-of-service (DDoS) attacks in recent years, said Europol, the European Union’s law enforcement agency. In a DDoS attack, hackers overwhelm a targeted website or network with traffic, causing it to crash.
According to Europol, the orchestrated attacks targeted critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.
The damage of these attacks is said to be substantial.
Researchers said the takedown of webstresser.org underscores how services offered by criminal hackers have filtered from the underground dark web, where criminals and anarchists lurk, to platforms that appear legitimate. And they have tens of thousands of clients, some with petty grievances.
“People are doing DDoS attacks for strange reasons, like if they lose in an online game, they attack the server. Or if they just don’t like a football team, they DDoS that football team’s website,” said Ben Herzberg, director of threat research at Imperva, a company that defends clients from such attacks.
“You give people cheap weapons and anonymity, and they know that they will probably not get caught, and you get mayhem,” Herzberg said.
It might seem initially like a lark to those who launch such attacks.
“They attack their school. They attack people they get in internet arguments with. They attack websites. They have a hammer, and everything looks like a nail,” said Allison Nixon, security research director at Flashpoint, a dark web intelligence firm based in New York.
Researchers say motives vary from “extortion, to attacks seeking media attention, to anti-competitive practices using DDoS, to harassment of one’s exes, or harassment against a former employer,” Nixon said in an email.
Asked how many such services exist, she said “tons.” Another expert, Andrew Lloyd, president of Corero Network Security, said “hundreds” of sites offer “stresser” or “booter” services, called such because they boot people offline.
Researchers widely believe that webstresser.org is the largest hacker-for-hire platform.
In a report earlier this month, Corero said DDoS attacks have doubled in frequency in the past six months alone, with some businesses suffering 50 attacks a day.
“Almost all the attacks are rented,” Lloyd said, meaning that the attackers were hired by a third party. “The vast majority of attacks are less than 10 minutes.”
If done with skill, a short attack can inflict significant harm.
“A less-than-10-minute attack can cause someone to be offline for hours, if not days,” Lloyd said, as tech workers for targeted networks reboot systems and mitigate damage.
Webstresser.org offered levels of service for all budgets, ranging from US$18.99 (RM74.40) for one month to US$999 (RM3,917) for a heavy-duty three-month plan, depending on the caliber of digital ammunition deployed.
“While the lowest-tier account is only able to push enough traffic to take down a home user, Flashpoint analysts assess with high confidence that the higher-tier accounts can likely push much larger attacks,” Flashpoint said in a report last month.
The model of offering criminal services on an online platform is “making cybercrime as easy as shopping online,” noted Gregory Webb, chief executive of Californian cybersecurity firm Bromium. – Tribune News Service