As anyone who regularly plays online games can attest, DDoS (distributed denial-of-service) attacks are an annoyingly common occurrence on the Internet. Using the combined digital power of a geographically dispersed army of zombified PCs, hackers have been able to knock game servers offline and keep players from logging in for hours or even days at a time. The problem has become widespread in recent years as enterprising hackers have begun to package their botnets and spamming tools into commercial offerings, giving any Tom, Dick and script kiddie access to the same firepower for a fee.
It’s one big Internet, and bad actors abound. There are worse things than spammers and scammers swimming in the depths of the dark web. In his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks, Dr. Scott J. Shapiro, Professor of Law and Philosophy at Yale Law School, traces the criminal history of the Internet through five of the largest attacks on digital infrastructure ever recorded.
Farrar, Straus and Giroux
Excerpted from Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro. Published by Farrar, Straus and Giroux. Copyright © 2023 by Scott J. Shapiro. All rights reserved.
Crime as a Service
Not all denial-of-service attacks use botnets. In 2013, the Syrian Electronic Army (SEA), the online propaganda arm of the brutal Bashar al-Assad regime, hacked Melbourne IT, the registrar that had sold The New York Times its nytimes.com domain name. Rather than flooding the Times’s servers, the SEA changed the DNS records so that nytimes.com pointed to the SEA’s website instead. Because the authoritative records for the Times website were held at Melbourne IT, the unauthorized changes quickly propagated around the world. When users typed in the normal New York Times domain name, they reached the website of a murderous organization.
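A check a practitioner takes away from the Melbourne IT episode, added here as an example and not drawn from the book: compare the NS and A records an independent resolver returns against a baseline pinned when the zone was known good, and confirm that the registrar lock codes are set. Everything below is constructed (nameserver names, addresses, the status lists); only the EPP status-code names themselves (clientTransferProhibited and the rest) are the real codes a registrar or registry sets on a locked domain.

```python
"""Catching a registrar-level DNS hijack: drift from a pinned baseline plus lock status.

Added example, not from the book. Nameservers, addresses and status lists below are
constructed; the EPP status codes themselves (clientTransferProhibited etc.) are the
real ones a registrar or registry sets on a locked domain."""

# Records pinned when the zone was known good (constructed).
BASELINE = {
    "NS": {"ns1.example-registrar.net.", "ns2.example-registrar.net."},
    "A": {"203.0.113.10", "203.0.113.11"},
}

# Same lookup repeated from an independent resolver (constructed): ordering and
# letter case differ, but the content is unchanged.
OBSERVED_CLEAN = {
    "NS": {"NS2.example-registrar.net.", "ns1.example-registrar.net."},
    "A": {"203.0.113.11", "203.0.113.10"},
}

# Lookup after someone changed the delegation at the registrar (constructed).
OBSERVED_AFTER_HIJACK = {
    "NS": {"ns1.attacker-dns.example.", "ns2.attacker-dns.example."},
    "A": {"198.51.100.66"},
}

# Real EPP status codes; the server* set is what "registry lock" means in practice.
CLIENT_LOCKS = {"clienttransferprohibited", "clientupdateprohibited", "clientdeleteprohibited"}
REGISTRY_LOCKS = {"servertransferprohibited", "serverupdateprohibited", "serverdeleteprohibited"}


def _norm(values):
    # DNS names are case-insensitive and may or may not carry the trailing dot.
    return {v.strip().lower().rstrip(".") for v in values}


def dns_drift(baseline, observed):
    """Return {rtype: {"added": [...], "removed": [...]}} for every record type that changed."""
    drift = {}
    for rtype in sorted(set(baseline) | set(observed)):
        base, seen = _norm(baseline.get(rtype, ())), _norm(observed.get(rtype, ()))
        if base != seen:
            drift[rtype] = {"added": sorted(seen - base), "removed": sorted(base - seen)}
    return drift


def lock_report(statuses):
    """Given the domain's EPP status codes (from RDAP/WHOIS), say which locks are in place."""
    present = {s.strip().lower() for s in statuses}
    return {"client_locked": CLIENT_LOCKS <= present, "registry_locked": REGISTRY_LOCKS <= present}


def assess(baseline, observed, statuses):
    """One verdict: NS drift means the delegation itself moved, which is what happened here."""
    drift = dns_drift(baseline, observed)
    severity = "critical" if "NS" in drift else ("warning" if drift else "ok")
    return {"severity": severity, "drift": drift, **lock_report(statuses)}


if __name__ == "__main__":
    full_lock = ["clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited"]
    print(assess(BASELINE, OBSERVED_CLEAN, full_lock))
    print(assess(BASELINE, OBSERVED_AFTER_HIJACK, ["ok"]))
```

In a real deployment the two snapshots would come from a scheduled lookup against a resolver you do not control, and the status list from the registrar's RDAP record; a change in the NS set is treated as the most serious finding because, as with nytimes.com, it moves the whole zone rather than one name.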
Conversely, not all botnets launch denial-of-service attacks. A botnet is, after all, a collection of hacked devices controlled remotely by an attacker, and those bots can be put to many uses. Originally, botnets were used for spam. The Viagra and Nigerian-prince emails that cluttered inboxes were sent from thousands of geographically dispersed zombie computers. In these cases, the attacker contacts his army of bots and orders them to send thousands of emails a day. In 2012, for example, the Russian Grum botnet sent more than 18 billion spam emails a day from 120,000 infected computers, earning its botmaster $2.7 million over three years. Botnets make excellent spam infrastructure because they are hard to defend against. Networks usually rely on “block lists”: lists of addresses they will not accept mail from. To block a botnet, however, one would have to add the addresses of thousands of geographically dispersed machines to the list. That takes time and money.
Because the malware we have seen so far, worms and viruses, could not coordinate, it was not useful for financially motivated crime. The point of botnet malware, by contrast, is that the botnets it creates are controllable. Botmasters can issue commands to each bot, allowing the bots to cooperate. Botnets are, in fact, the Swiss Army knife of cybercrime: botmasters can tell their bots to plant malware on vulnerable machines, send phishing emails, or engage in click fraud, in which the bots are instructed to click on pay-per-click ads and the botmaster collects the advertising payouts. Click fraud is particularly lucrative, as Paras Jha would later discover. In 2012, the ZeroAccess botnet could make up to $100,000 per day from click fraud. It commandeered one million infected PCs spread across 198 countries, including the island nation of Kiribati and the Himalayan Kingdom of Bhutan.
Botnets are excellent DDoS weapons because they can be trained on a single target. One day in February 2000, the hacker Mafiaboy crashed Fifa.com, Amazon.com, Dell, E*TRADE, eBay, CNN, and Yahoo!, the Internet’s largest search engine at the time. He took down these web servers by seizing control of computers at forty-eight different universities and linking them into a primitive botnet. When they all sent requests to the same IP address at the same time, the collective load crashed the website.
After knocking so many major websites offline, Mafiaboy was deemed a threat to national security. President Clinton ordered a nationwide manhunt to find him. In April 2000, Mafiaboy was arrested and charged, and in January 2001 he pleaded guilty to twenty-eight charges relating to the denial-of-service attacks. Law enforcement did not reveal Mafiaboy’s real name, because this national security threat was only fifteen years old. Mafiaboy later revealed himself to be Michael Calce. “You know, I’m a very calm, composed and nice person,” Calce said. “But when you have the President of the United States and the Attorney General basically calling you and saying, ‘We’re going to find you’ . . . at that point I was a little concerned.” After serving five months in juvenile detention, Calce now works in the cybersecurity industry as a white hat, a good hacker, as opposed to a black hat.
Mafiaboy and the VDoS crew were all teenage boys who crashed servers. But where Mafiaboy did it for the lulz, VDoS did it for the money. Indeed, these Israeli teenagers were pioneering tech entrepreneurs. They helped launch a new form of cybercrime: DDoS as a Service. DDoS as a Service is a subscription-based model that gives customers either daily quotas or unlimited access to botnets for launching attacks, depending on the price. DDoS providers are known as booter services or stresser services. They come with user-friendly websites that let customers choose an account type, pay for a subscription, check service status, launch attacks, and get technical support.
VDoS advertised its booter service on Hack Forums, the same site where, according to Coelho, Paras Jha spent hours. On its website, www.vdos-s.com, VDoS offered the following memberships: Bronze ($19.99/month), Silver ($29.99/month), Gold ($39.99/month), and VIP ($199.99/month). The higher the price, the longer and larger the attacks. At its peak in 2015, VDoS had 1,781 customers. The gang had a customer service department and, for a time, accepted PayPal. From 2014 to 2016, VDoS earned $597,862, and in a single year it launched 915,287 DDoS attacks.
VDoS democratized DDoS. Even the most inexperienced user could subscribe to one of these accounts, type in a domain name, and attack the website. “The problem is that this kind of firepower is literally available to anyone who is willing to pay thirty dollars a month,” explained Allison Nixon, director of security research at the business-risk-intelligence firm Flashpoint. “Basically what this means is that you must have DDoS protection in order to participate on the Internet. Otherwise, any angry young teen would be able to take you off-line in a heartbeat.” Even booter services need DDoS protection. VDoS hired Cloudflare, one of the largest DDoS-mitigation companies in the world.
DDoS as a Service followed a trend in cybercrime known as “Malware as a Service.” Where users once bought information about software vulnerabilities and tried to figure out how to exploit them, or bought malicious software and tried to figure out how to install and run it, now they can pay to use malware and hacking tools with the click of a button, no technical knowledge required.
Because clients who use DDoS as a Service are inexperienced, they are especially vulnerable to scams. Fraudsters often advertise booter services on public discussion boards and accept orders and payments, but never launch the promised attacks. Even VDoS, which did deliver DDoS attacks, delivered less than it advertised. When Flashpoint tested it, the VDoS botnet never reached the promised maximum of fifty gigabits per second, instead ranging from six to fourteen gigabits per second.
Boards advertising booter services, as Hack Forums once did, are accessible to anyone with a standard browser and an Internet connection. They exist on the Clear Web, not the so-called Dark Web. To access sites on the dark web you must use a special network known as Tor, usually through a special browser known as the Tor Browser. When a user tries to access a website on the dark web, the Tor Browser does not request web pages directly. It chooses three random servers, known as nodes, through which to route the request. The first node knows the original sender but not the final destination. The second node knows neither the original sender nor the final destination; it knows only the first node and the third node. The third node knows the final destination but not the original sender. In this way, sender and receiver can communicate without either learning the other’s identity.
The dark web is doubly anonymous. No one but the website owner knows the site’s IP address, and no one but the visitor knows that the visitor is accessing it. The dark web is therefore used by political dissidents and cybercriminals alike, those who need complete anonymity. Browsing the dark web is legal, but many of its websites offer services that are illegal to use. (Fun fact: the U.S. Navy created the technology behind the dark web in the mid-1990s so that its intelligence agents could communicate confidentially.)
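The three-hop routing described in the two paragraphs above, as an added example that is not from the book or from the Tor project: a toy simulation in which the client wraps a request in three layers, each relay strips exactly one layer, and the script records what each relay was able to see. The layer cipher is a toy HMAC-SHA256 construction and the per-relay keys are pre-shared, both assumptions made to keep the script self-contained; Tor negotiates keys hop by hop and uses different primitives. Relay names, the destination and the payload are constructed.

```python
"""Toy three-hop onion routing: what each relay can and cannot see.

Added example, not code from the book or from the Tor project. The layer cipher
is a toy (HMAC-SHA256 keystream plus a MAC), not Tor's real cryptography, and the
per-relay keys are pre-shared here instead of being negotiated hop by hop as Tor
does. Relay names, the destination and the payload are all constructed."""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a toy stand-in for a real stream cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer; output is nonce || tag || ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the MAC, then strip one layer. Raises ValueError on tampering or wrong key."""
    nonce = blob[:NONCE_LEN]
    tag = blob[NONCE_LEN:NONCE_LEN + TAG_LEN]
    ct = blob[NONCE_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer rejected: bad MAC")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed circuit: three relays, each sharing one symmetric key with the client.
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}


def build_onion(dest: str, payload: str) -> bytes:
    """Wrap the request innermost-first: the exit's layer is innermost, the guard's outermost.
    Each layer names only the next hop, so a relay learns nothing beyond its neighbours."""
    blob = seal(KEYS["exit"], json.dumps({"next": dest, "payload": payload}).encode())
    for name, next_hop in (("middle", "exit"), ("guard", "middle")):
        blob = seal(KEYS[name], json.dumps({"next": next_hop, "inner": blob.hex()}).encode())
    return blob


def run_circuit(dest: str, payload: str):
    """Pass the onion down the path. Returns ({relay: what it saw}, payload delivered to dest)."""
    views, blob, came_from = {}, build_onion(dest, payload), "client"
    for name in PATH:
        layer = json.loads(unseal(KEYS[name], blob))
        views[name] = {"from": came_from, "next": layer["next"]}
        if "inner" not in layer:           # exit relay: hand the request to the destination
            return views, layer["payload"]
        blob, came_from = bytes.fromhex(layer["inner"]), name
    raise RuntimeError("onion ended without a payload")


if __name__ == "__main__":
    seen, delivered = run_circuit("www.example.org", "GET / HTTP/1.1")
    for relay, view in seen.items():
        print(f"{relay:6s} sees from={view['from']!r:10s} next={view['next']!r}")
    print("delivered to destination:", delivered)
```

Running it shows the property the paragraph describes: the guard's view contains the client and the middle relay but never the destination, the exit's view contains the middle relay and the destination but never the client, and the middle relay sees only its two neighbours. The MAC on each layer also means a relay that tampers with the onion is caught by the next hop rather than silently corrupting the request.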
It may come as a surprise that DDoS providers can advertise on the Clear Web. After all, DDoSing another website is illegal everywhere. In the United States, one violates the Computer Fraud and Abuse Act if one “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization,” where “damage” includes “any impairment to the . . . availability of data, a program, a system, or information.” To get around this, booter services have long claimed to perform a legitimate “stresser” function: website operators need a way to stress-test their own sites. Indeed, booter services routinely include terms of service that prohibit attacks on sites the customer is not authorized to test and disclaim all responsibility for any such attacks.
In theory, stresser sites serve an important function. But only in theory. Private conversations between VDoS and its customers show that the customers were not stress-testing their own websites. As one booter operator admitted to Cambridge University researchers, “we try to market these services towards a more legitimate user base, but we know where the money comes from.”