Skip to content

OPLIN 4cast #408: Cheap attacks

Posted in 4cast

Abrams tankAt its latest meeting, the OPLIN Board discussed making a substantial financial commitment to protecting OPLIN participants from Distributed Denial of Service (DDoS) attacks. DDoS attacks send so much traffic to a victim’s web server – often a company or organization big enough to have made enemies in the hacker community – that the victim’s Internet connection or web server cannot handle it all, and their website becomes inaccessible to legitimate traffic: a “denial of service.” The “distributed” part of the name refers to the fact that a single computer cannot generate enough traffic to overwhelm most systems, so the traffic comes from an automated collection of computers that have been infected with malware – a “botnet” – that is under the control of a bot master. Botnets are also used for ad fraud, spam, and testing stolen credit cards. OPLIN staff were mystified as to who would go to the trouble and expense of launching a DDoS attack at a library, but then we learned how cheap and easy it is to rent a botnet these days.

  • DDoS in 2014: The new Distributed Denial of Service attacks and how to fight them (Continuum MSP blog| Steven J. Vaughan-Nichols)  “Other DDoS attacks go after your Web servers themselves rather than the Internet connection by devouring server resources. With these, if you even had infinite bandwidth, a site could still be taken down. DDoS Botnets used to be made up almost entirely of malware-infected Windows PCs. Now, even poorly secured mobile devices are getting into the act. The process is not particularly complicated or technical. You can rent a botnet suitable for launching a DDoS attack for a few bucks an hour.”
  • Renting a zombie farm: Botnets and the hacker economy (Symantec Security Insights Blog | Tim G.)  “Similar to Amazon Web Services renting cloud capacity to any number of applications, a bot master will often lease their bot out to subsequently commit other cybercrimes. This means individuals with little or no skill in creating a botnet can rent one capable of crippling a major website with a DDoS attack for as little as $100-200 USD per day.”
  • You don’t have to be an evil hacker genius to bring down PlayStation (Businessweek | Dune Lawrence)  “Incapsula’s chief business officer and a co-founder Marc Gaffan calls DDoS ‘the weapon of choice’ for hackers these days, in part because technology is making it increasingly convenient and powerful (sound familiar?). It doesn’t take much money to inflict a costly headache on a business. An attacker can rent a ‘botnet’—a network of infected zombie computers controlled by cyber criminals—to mount a DDoS campaign for less than $10 an hour, according to Verizon’s most recent Data Breach Investigations Report (PDF).”
  • DDoS attacks can take down your online services (TechPro Essentials | Dr. Bill Highleyman)  “Botnets are readily available for rent on the darknet, private networks where connections are made only between trusted peers. Hackers form a community of trusted peers and can gain access to botnet rentals. The cost for botnets is relatively modest given the damage they can inflict. For instance, the following botnet rentals are advertised on the darknet: 10,000 PCs – 10 gbps – $500 per month; 100,000 PCs – 100 gbps – $200 per day.”

Articles from Ohio Web Library: