DDoS hitmen for hire

Share this article:
Ted Swearingen, director information security operations, Neustar
Ted Swearingen, director information security operations, Neustar

It had to happen sometime. With virtually everything – software, infrastructure, you name it – now available as a service, it was only a matter of time before cyber attackers would offer up their services.

A new phenomenon has recently been gaining momentum to take the cyber security industry by storm. In this unfortunate scenario, dubbed “DDoS-for-hire,” sites are now publicly offering distributed denial-of-service attacks (DDoS) as a service (like the aptly named “DDoS Service”).

Now, anyone with a hidden agenda or even the slightest touch of animosity can hire an “online hitman” to bring your site down. And sites like “DDoS Online” say it can all be done for the low, low price of just $10 per hour.

It's an unfortunate and ugly perversion of the “If you build it, they will come” mantra. In this case, what's coming is not only an audience drawn in by your compelling online presence, but also a series of debilitating online attacks that has the potential to cripple your site and make it entirely inaccessible.

The fact that these DDoS-for-hire sites exist and are able to offer their services for a little more than minimum wage is disconcerting, to say the least. These criminals are essentially commoditizing illegally sourced bandwidth, made available through a botnet, and packaging the resulting “product” into a criminal venture.

And while cyber security pros continue to evaluate the frequency and effectiveness of these criminal services, they continue to proliferate at an alarming rate. 

The DDoS-for-hire trend is becoming a pressing issue, mainly due to how easily accessible and world-flattening online traffic has become. The problem is only exacerbated by the difficulty we face in prosecuting criminals internationally. It's the equivalent of trying to catch a vandal who smashes a window in Houston and flees to China to avoid prosecution, except this type of vandalism can cost a company upward of $100,000 for every hour their website is down. That translates into one pricey window.

But it's not all doom and gloom. While DDoS-for-hire sites are becoming an unfortunate reality, potential victims should know that being aware of the issue and running training drills to mitigate attacks helps immensely.  However, beyond practice drills, companies should also consider reporting these attacks to local authorities. Though not every municipality will have the ability to deal with cyber attacks in the near term, notifying the police is an important step in raising ongoing awareness.

While no one likes talking about their online security vulnerabilities, failing to report the attack will only breed confidence in the criminals offering DDoS-for-hire services, engendering the belief that they can get away with impunity.

And letting criminals go free while profiting from attacks will only perpetuate this vicious cycle, creating an online future in which no company is safe.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.

Securing the autonomous vehicle

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?