FBI Shuts Down DDoS Attack-for-Hire Services
Many cyber criminals operate in the shadows of the dark web, but others operate in broad daylight. For example, the file sharing website Kazaa famously argued that it should be held to the same standard as tape recorders in that they do not authorize breaches of copyright by users. The reality, of course, is that most users were in fact breaking the law.
In December, the FBI seized the domains of 15 attack-for-hire services operating under similar pretenses. These “booter” or “stressor” sites helped paying customers launch digital attacks designed to knock out websites and entire networks. The operators argued that they aren’t responsible for how customers used the service and shouldn’t be held liable, but ultimately, the FBI took action and took the websites down.
In this article, we’ll look at the rise of attack-for-hire services — especially for Distributed Denial of Service (DDoS) attacks — and how you can prevent these kinds of attacks.
Many cyber criminals operate in the shadows of the dark web, but other operate in broad daylight — like booter sites.
What are DDoS Attacks?
Denial-of-Service (DoS) attacks flood a target network server with illegitimate traffic. These requests have fake return addresses that mislead the server when it tries to authenticate with the requestor. As the illegitimate requests are processed, the server quickly becomes overwhelmed and legitimate requests cannot connect. As a result, your network or website appears extremely latent or goes entirely offline, affecting employees or customers.
Distributed Denial-of-Service (DDoS) attacks occur when multiple machines operate together to attack a single target. In addition to sending exponentially more illegitimate requests, DDoS attacks make it difficult to identify the true source of the attack and block the illegitimate traffic. This makes the attacks even more devastating since they can last for a longer period of time. These DDoS attacks are commonly orchestrated with botnets.
Botnets are a group of hijacked Internet connected devices used to carry out attacks. By infecting host devices with malware, botnet operators can command entire networks of infected computers to DDoS a single target. Often times, botnets are rented out by attack-for-hire services, as well as used to perpetrate other cyber crimes. The host computers rarely realize that they’re being used for an attack.
DDoS attacks have become increasingly common and can be financially devastating. In 2014, an Incapsula survey of 250 businesses with at least 250 employees found that nearly half (45%) of those surveyed experienced a DDoS attack. These attacks cost businesses an estimated $40,000 per hour with the average attack costing about $500,000 in total. Nearly one-third of attacks were also combined with other attacks resulting in data theft.
The rise of attack-for-hire services is a dangerous development: It lowers the barriers for cyber crime and enables novices to launch sophisticated and crippling attacks with the click of a button. The largest service seized by the FBI had over 80,000 customer subscriptions and conducted 50,000 actual or attempted attacks last year, according to the DOJ’s press release.
Download our free preparedness checklist to prepare your business for a DDoS attack.
The booter services targeted in the FBI takedown advertised the ability to determine the true Internet address of the target that are often obscured by DDoS protection services. Customers could determine their target’s Internet address using only a Skype username, which would bypass many standard safeguards against DDoS attacks.
The good news is that the crackdown represented a breakthrough in how the FBI prosecutes these kinds of cases and created a blueprint for the future. The bad news is that FBI officials acknowledge that the problem is unlikely to go away, as new booter services will inevitably spring up to replace those that were taken down in the raid.
“We certainly don’t expect this problem to go away after this,” said U.S. Attorney Cameron Schroeder in the press release announcing the raid. “But this is an attempt to build a strategic approach to the problem, to look at it in a more systematic way and deal with it on a much larger scale.”
How to Prevent DDoS Attacks
Distributed Denial-of-Service attacks can impact any size of business in any industry. Hacktivists may take issue with a certain type of business; extortionists may demand a ransom to avoid an attack; competitors may launch attacks on important days (like Cyber Monday); or vandals may simply be interested in wreaking havoc. Regardless of the underlying intent, all businesses should be prepared for an attack.
Let’s take a look at how to handle DDoS attacks through both preventative and reactive measures.
Don’t forget to download our free preparedness checklist to ensure that your business is ready for a DDoS attack.
Don’t Become Part of the Problem
Botnets are created by installing malware across a large number of Internet connected devices. With the proper antivirus and firewall software, you can avoid becoming part of botnets that perpetrate DDoS attacks and other cyber crimes. It’s important to remember to protect both computers and other connected devices, such as routers and smartphones.
Jungle Disk’s Active Network Protection provides cloud firewall protection, safe Internet, VPN remote access, and secure Wi-Fi designed especially for small businesses with two to 250 employees. In addition, customers receive virus and malware protection and web content filtering to stop attacks before they reach network devices.
Recognize the Attack
DDoS attacks may initially seem like small problems, such as maintenance or technical issues. The most common symptoms are an unusual slowdown in network performance, the unavailability of certain websites, or the inability to access any website. Attacks can be best detected using network monitoring tools like a firewall or intrusion detection system.
Many websites use services like Cloudflare to avoid DDoS attacks. These services typically fingerprint anomalous traffic and block the attacks from reaching the web server, while sharing attacker data across their network, enabling businesses to maintain uptime commitments and avoid the high cost of these attacks had they consumed server resources.
Respond to the Attack
The response to a DDoS attack depends on the specific organization and its policies. For example, a small business may be more willing to take its server offline until the attack is over whereas a larger business may be willing to pay any costs to maintain uptime.
If you suspect an attack, it’s a good idea to contact your network administrator or third-party vendor to see if the outage is due to maintenance or in-house network issues. They may also be monitoring traffic and mitigate an attack by applying firewall rules or rerouting traffic.
It’s also a good idea to contact your Internet service provider, or ISP, to ask if there’s an outage on their end. In some cases, there may be another intended victim of the DDoS attack and you may be an indirect victim. They may also have advice on the appropriate course of action during an attack to help mitigate costs.
Finally, it’s important to lock down the rest of your network. It’s not uncommon for a DDoS attack to distract attention away from another attack within your network. You should carefully monitor network traffic with an intrusion detection system to ensure there isn’t a breach.
The Bottom Line
Attack-for-hire services are a growing problem for businesses of all sizes. While the FBI’s recent raid shut down many large booter sites, there will be more cyber criminals that step in to fill the void. It’s a good idea to ensure that your business is properly protected with antivirus software, anti malware software, firewalls and DDoS protection services.
Sign up for Jungle Disk today and see how our Active Network Protection services can keep you safe. Our free network security scan can also help identify any vulnerabilities, including those that could leave you exposed to DDoS attacks.