On December 14th, the Department of Justice (DOJ) took control of 48 websites providing “booter” or “stresser” services, which let users launch destructive DDoS attacks cheaply and easily. Six Americans were charged with computer-related offenses for allegedly running the popular DDoS-for-hire services.
Law enforcement agencies globally are working together in Operation Power OFF to take down criminal DDoS-for-hire networks and punish their administrators and users.
The DOJ stated that the 48 domains it seized helped customers of DDoS-for-hire platforms launch massive numbers of DDoS attacks, capable of disabling websites and entire network service providers. A full list of the sites is below, and as of this writing, several of these sites are still online.
Booter services and stresser services are advertised on the Dark Web, chat platforms, and YouTube. Payment is accepted through PayPal, Google Wallet, and crypto, with subscription costs varying from a few dollars to hundreds monthly. Prices depend on attack traffic, duration, and number of concurrent attacks.
What is a DDoS-for-hire service? It’s a DDoS attack service that allows anyone to purchase and perform a distributed denial-of-service attack (DDoS attack) for a few dollars. These services are inspired by the software as a service (SaaS) business model, which is profitable because it allows the owner of an IoT botnet to perform a low-overhead attack.
Royal Stresser website before it was shut down by the DOJ
Stresser providers and booter providers claim they have no control over how their services are used, and that they’re not breaking the law since their tools can be used for good or bad. Their sites contain Terms of Use that customers must agree to, under which customers stress-test only their own networks and do not launch DDoS attacks against others. IPStresser’s admin, Dobbs, mentioned in an interview that customers must provide a digital signature to confirm they won’t use it for illegal activities, thus making him immune from liability.
The DOJ states that these disclaimers usually overlook the fact that most booter services depend heavily on continuously scanning the web to gain access to misconfigured devices, which are key to maximizing the intensity and effect of DDoS-for-hire attacks.
“Some sites use the term ‘stresser’ in an effort to suggest that the service could be used to test the resilience of one’s own infrastructure; however, as described below, I believe this is a façade and that these services exist to conduct DDoS attacks on victim computers not controlled by the attacker, and without the authorization of the victim,” reads an affidavit by FBI Special Agent Elliott Peterson out of the Alaska field office.
As the DDoS-for-hire racket evolves, some such services have started offering repeat customers points and discounts toward future purchases. It’s a sort of DDoS loyalty program.
Some developers even offer bonus points for each attack conducted using their service. In other words, cybercriminals have their own loyalty and customer service programs. Most DDoS attacks are ordered through full-fledged Web services, which removes the need for direct contact between the two parties.
Customers use these Web services to register for an account, make payments, manage their balance and attack budget, access reports and more. They’re much like the Web services offered by legal businesses. In the DDoS-for-hire biz, many of these Web services boast thousands to hundreds of thousands of registered users.
The cost of a DDoS attack fluctuates based on the target, the duration of the attack and the geographic location of the target. According to The Register, a DDoS attack can cost anywhere from $5 for a 300-second attack to $400 for 24 hours, and the average price for an attack is around $25 per hour.
The price of a DDoS attack also takes into consideration how the attack is generated and the source of the attack traffic. For example, an attack leveraging a botnet made up of Internet of Things (IoT) devices costs less than an attack that uses a botnet made up of servers.
Cybercriminals persistently look for more affordable means to set up botnets, and the Internet of Things (IoT) helps them do so. One of the current trends is the use of IoT zombie devices, like CCTV cameras, DVR systems, and smart appliances, in DDoS attacks. As long as there are vulnerable IoT devices, criminals will keep taking advantage of them.
“DDoS attack man in the middle” by Nasanbuyn is licensed under CC BY 4.0
The rise of DDoS-for-hire services comes on the heels of a spate of high-profile DDoS attacks that reached unprecedented volume, size and scope. For the first time on record, DDoS attacks have exceeded 46 million requests per second (rps), an upward swing that is expected to continue.
Among the malware powering this tsunami of DDoS attacks is Mirai, which takes advantage of unsecured IoT devices to build massive botnets and launch mammoth DDoS attacks. The uptick in DDoS activity has ushered in the DDoS of Things (DoT) era, where threat actors use unsecured IoT devices to build the botnets that drive colossal DDoS attacks.
Thunder® Threat Protection System (TPS®), a line of high-performance DDoS protection solutions, detects and mitigates volumetric, multi-vector DDoS attacks at the network edge. For service providers, enterprises and security-conscious businesses, Thunder TPS is the first line of defense for network infrastructure. It helps prevent IoT-powered DDoS attacks and protects your business from the DDoS of Things.