A Turkish hacking crew is running a DDoS-for-Points platform where participants can earn points if they carry out DDoS attacks against a list of predetermined targets, points they can exchange later on for various online click-fraud tools. IT security experts from Corero Network Security, Tripwire, Imperva and Forcepoint comment below.
Stephanie Weagle, VP at Corero Network Security:
“Recent high profile DDoS attacks shine the light on this increasingly sophisticated and damaging threat, and we expect to see a substantial escalation in the already dangerous DDoS landscape. The potential for frequent, sophisticated and large scale attacks that have the ability to significantly disrupt our Internet availability are becoming more of a reality.”
Travis Smith, Senior Security Research Engineer at Tripwire:
“Since Sledgehammer is a tool created by a group of Turkish descent, it’s expected that the targets of their wares are would be those they oppose. Even though the gamification of the DDoS tool allows individuals from around the world to participate in the attack, the targets are controlled by a centralized command and control server.”
.
Marc Gaffan, General Manager for the Incapsula Service at Imperva:
The novel part of this is the platform that has been developed to solicit and monitor those that participate in the DDoS activities to ensure they are doing what the masterminds want them to do and in the way they want them to execute the attacks (down to the precise technology they want them to use). The platform itself, if redistributed, could become the new standard for crowdsourcing DDoS attackers.”
Morgan Gerhart, VP at Imperva:
1) The cost of launching an attack goes down
2) More attacks are launched
3) The attacks themselves evolve faster”
Carl Leonard, Principal Security Analyst at Forcepoint:
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.