DDoS for hire has always been an inseparable part of the portfolio of services offered by the cybercrime ecosystem. With DDoS extortion continuing to go largely under-reported throughout the last couple of years, mainly due to the inefficiencies in the business model, the practice has also matured into a ‘value-added’ service offered to cybercriminals who’d do their best to distract the attention of a financial institution they’re about to (virtually) rob.
Operating online since 2008, in both private and public form, the DDoS for hire service that I’ll discuss in this post not only offers DDoS attack and Anti-DDoS protection capabilities to potential customers, but is also ‘vertically integrating’ within the ecosystem by starting to offer TDoS (Telephony Denial of Service) attack services to prospective customers.
Sample screenshot of the ‘DDoS for Hire’ vendor’s Web site:
The service operates 24/7, and promises 100% anonymity when accepting and processing requests. It charges $20 for one hour of DDoS attack, $50 for a day, and $500 for one week, with a 50% discount for regular customers, as well as additional discounts when attacking more than one site. Ironically, it also offers Anti-DDoS attack protection capabilities, charging $30 for one hour of protection, $250 for one day and $1,600 for one week of protection. Not surprisingly, given the increasing professionalism applied by cybercriminals internationally as they optimize the effects of their campaigns, the DDoS for hire service also offers TDoS services, in an attempt to position itself as a one-stop-shop for commercially available Denial of Service attack capabilities.
The service is just the tip of the iceberg in this vibrant market segment that has managed to preserve its core business strategies for years through the reliance on constant OPSEC-violating advertising on public, cybercrime-friendly communities. With attribution procedures becoming more prevalent across the community, some cybercriminals quickly adapted through the utilization of the ‘aggregate-and-forget’ process, namely, the aggregation of malware-infected hosts to be used in a specific, highly targeted DDoS attack campaign, on their way to make attribution obsolete.
We expect to continue observing more ‘vertical integration’ in this market segment, with vendors who’ve been in business for years introducing new ‘value-added’ services, on their way to achieving a one-stop-shop business model for anything DDoS related.