A Turkish hacking crew is running a DDoS-for-Points platform where participants earn points for carrying out DDoS attacks against a list of predetermined targets. The points can later be exchanged for various online click-fraud tools. IT security experts from Corero Network Security, Tripwire, Imperva and Forcepoint comment below.
Stephanie Weagle, VP at Corero Network Security:
“The crude, large scale DDoS attacks of yesteryear have evolved to take advantage of more sophisticated methodologies, vectors and techniques. The concept of the gamification of DDoS attacks may not be a new methodology, perhaps more of a growing trend on the dark web. The sheer anonymity of DDoS attacks is very attractive, and by offering various reward opportunities to the attacker, makes the business of DDoS even more lucrative.
“Recent high-profile DDoS attacks shine the light on this increasingly sophisticated and damaging threat, and we expect to see a substantial escalation in the already dangerous DDoS landscape. The potential for frequent, sophisticated and large-scale attacks that have the ability to significantly disrupt our Internet availability is becoming more of a reality.”
Travis Smith, Senior Security Research Engineer at Tripwire:
“Since Sledgehammer is a tool created by a group of Turkish descent, it’s expected that the targets of their wares would be those they oppose. Even though the gamification of the DDoS tool allows individuals from around the world to participate in the attack, the targets are controlled by a centralized command and control server.”
Marc Gaffan, General Manager for the Incapsula Service at Imperva:
“This is not a game changer but a natural evolution of hackers learning and improving on how to monetize their assets and use them for ad hoc purposes, in this case DDoSing a select group of targets.
“The novel part of this is the platform that has been developed to solicit and monitor those that participate in the DDoS activities to ensure they are doing what the masterminds want them to do and in the way they want them to execute the attacks (down to the precise technology they want them to use). The platform itself, if redistributed, could become the new standard for crowdsourcing DDoS attackers.”
Morgan Gerhart, VP at Imperva:
“This is another example of how Cybercrime itself is evolving into an industry with a very sophisticated and more specialized value-chain/supply chain. The net effect of this increased specialization is that:
1) The cost of launching an attack goes down
2) More attacks are launched
3) The attacks themselves evolve faster”
Carl Leonard, Principal Security Analyst at Forcepoint:
“This is the first time hackers have ‘gamified’ a hacking platform to the extent that participants compete against one another and can compare scores and redeem points for rewards on a single service. We believe that those behind Sledgehammer are in the participant acquisition phase and are trying to reach a critical mass.”