Security researchers found DDoS service posing as a ‘stress tester’ that would attack any website for the meek sum of just £3.50
Researchers have uncovered online sellers who are offering DDoS (Distributed Denial of Service) services for as little as $5 per hour (£3.46) on marketplace Fiverr.
As the name suggests Fiverr is an online emporium selling services for the price of $5, where the nefarious DDoSsers are hiding in plain sight, masquerading as companies called ‘stressers’ – an exercise that involves stress testing your own website for resilience to DDoS attacks.
If you want to test your own servers, that is one thing, but many stresser companies are actually just criminals in disguise, as this find goes to highlight.
Security researchers at Imperva found the DDoS dealers on Fiverr, and investigated further to see if any would take the bait when asked if they would ‘stress test’ websites which were not owned by the researchers.
“Most had the good sense to ignore our message. One suggested that we talk on Skype,” said Imperva researchers Igal Zeifman and Dan Breslaw.
That dealer responded with this message: “Honestly, you [can] test any site. Except government state websites, hospitals.”
“This just goes to show that even DDoSers have some moral compass, as well as a healthy fear of the government,” said the researchers.
“With the true capabilities of at least one of the “stress testers” confirmed, we reached out to Fiverr to let them know about the misuse of their service. They were very quick to respond with a promise to have their Trust & Safety team investigate further.”
In the end, Fiverr removed the adverts from the criminals who were posing as innocent stressers.
“Fiverr’s decisive action should serve as an example to an online community that, by and large, has accepted the existence of illegal stressers as a fact of life,” the researchers said.
“From hosters maintaining their websites, to forums allowing promotional posts and review sites comparing offerings, stressers have embedded themselves into the internet landscape and, much like organic viruses, are feeding off of their hosts.”
It was April when Imperva warned that the UK is one of the biggest targets for DDoS criminals, according to a new report.
The firm’s latest Global DDoS Threat Landscape Report found that the UK is the second-most targeted nation, being hit by 9.2 percent of all DDoS attacks in the first quarter of 2016, behind only the United States (50.3 percent).