Whack-A-Mole Cyberattackers: Why The DDoS For Hire HackForums Closure Didn’t Matter

It may come off as a pessimistic world view, but lately it seems as though there are two types of news: bad news, and news that seems good but then isn’t. Take, for example, the news that HackForums.net was closing down its server stress testing section back in October. Since it was reportedly the internet’s largest open marketplace for DDoS for hire services, the news that it was being closed down was more than welcomed by the internet security community.

Over three months later? It didn’t end up mattering at all.

Devastation for hire

A DDoS attack is a distributed denial of service attack. In it, an attacker remotely controls a network of hijacked internet-connected devices – a botnet – to direct a large amount of malicious traffic at a target website. Whether this traffic eats up the website’s bandwidth, overwhelms the server, or consumes other essential resources, the end result of an unmitigated DDoS attack is the same: the victim website is either slowed down past the point of usability, or it’s knocked completely offline.

It used to be that in order to launch a DDoS attack, one had to be pretty well versed in internet technology. That is no longer the case. With DDoS for hire services, anyone with Bitcoin or a PayPal account can pay a nominal fee for the use of booters or stressers. These are services that rent out the use of a botnet, and by simply plugging in the URL of the target website, a DDoS attack can be had.

DDoS and DDoS for hire attacks have achieved immense infamy thanks to the damage they’re capable of doing. A sophisticated distributed denial of service attack can be used as a smokescreen for an intrusion, or cause lasting software and hardware damage. Both sophisticated attacks from seasoned cyberattackers and basic attacks from for-hire services can cause long-term damage in the form of eroded user trust and loyalty. After all, the frustration caused by downtime is enough to send many users looking for a new website or service, and if that doesn’t do it, the knowledge that a website or server hasn’t bothered protecting itself against these well-known attacks just might.

HackForums in hiding

With these attacks as serious as they are, many may wonder where law enforcement is in all of this. Well, major law enforcement agencies including Europol and the FBI are doing the best they can. Recent months have seen the arrests of members of famed hacking groups Lizard Squad and PoodleCorp as well as the arrest of the people behind DDoS for hire services like vDos and Titanium Stresser.

After October’s world famous DDoS attack on DNS provider Dyn that resulted in websites such as Twitter and PayPal going offline, law enforcement cranked up the heat enough to prompt a response from HackForums, considered the biggest hacking community in the world. In an act of self-preservation, HackForums removed their server stress testing section.

An expected outcome…for a while

Many were quick to consider it a victory for internet security. Which initially it was. Yet after the October shutdown, one internet security provider noticed a dip in DDoS attacks in November. Any celebration was short-lived, however, as the number of attacks observed by the ISP nearly doubled in December. The director of the UK’s Cambridge Cybercrime Centre Richard Clayton also acknowledged that there’s no real difference in attack volume compared to a few months back.

The takeaway

DDoS for hire services are a lot like whack-a-mole: when one marketplace, service or botnet is smacked down, another will spring up in its place. For every Lizard Squad member that gets arrested, there’s another script kiddie on Twitter looking to latch on with a hacking group. There’s bigtime money to be made in this illegitimate industry, and regardless of law enforcement attention, it’s going to be made.

For website owners, the reality is that distributed denial of service attacks are not going to be stopped at the source. Not even the FBI and Europol have a chance at keeping up with the rapid proliferation of these attacks and attack services.

Instead, website owners need to focus on stopping these attacks before they reach their own networks. That means professional DDoS mitigation that activates automatically when an attack is detected, redirecting all traffic to a scrubbing server that blocks malicious traffic while letting legitimate traffic through unimpeded. Otherwise, when it comes to DDoS attacks, it’s going to continue to be nothing but bad news.