DDoS hitmen for hire

Share this article:
Ted Swearingen, director information security operations, Neustar
Ted Swearingen, director information security operations, Neustar

It had to happen sometime. With virtually everything – software, infrastructure, you name it – now available as a service, it was only a matter of time before cyber attackers would offer up their services.

A new phenomenon has recently been gaining momentum to take the cyber security industry by storm. In this unfortunate scenario, dubbed “DDoS-for-hire,” sites are now publicly offering distributed denial-of-service attacks (DDoS) as a service (like the aptly named “DDoS Service”).

Now, anyone with a hidden agenda or even the slightest touch of animosity can hire an “online hitman” to bring your site down. And sites like “DDoS Online” say it can all be done for the low, low price of just $10 per hour.

It's an unfortunate and ugly perversion of the “If you build it, they will come” mantra. In this case, what's coming is not only an audience drawn in by your compelling online presence, but also a series of debilitating online attacks that has the potential to cripple your site and make it entirely inaccessible.

The fact that these DDoS-for-hire sites exist and are able to offer their services for a little more than minimum wage is disconcerting, to say the least. These criminals are essentially commoditizing illegally sourced bandwidth, made available through a botnet, and packaging the resulting “product” into a criminal venture.

And while cyber security pros continue to evaluate the frequency and effectiveness of these criminal services, they continue to proliferate at an alarming rate. 

The DDoS-for-hire trend is becoming a pressing issue, mainly due to how easily accessible and world-flattening online traffic has become. The problem is only exacerbated by the difficulty we face in prosecuting criminals internationally. It's the equivalent of trying to catch a vandal who smashes a window in Houston and flees to China to avoid prosecution, except this type of vandalism can cost a company upward of $100,000 for every hour their website is down. That translates into one pricey window.

But it's not all doom and gloom. While DDoS-for-hire sites are becoming an unfortunate reality, potential victims should know that being aware of the issue and running training drills to mitigate attacks helps immensely.  However, beyond practice drills, companies should also consider reporting these attacks to local authorities. Though not every municipality will have the ability to deal with cyber attacks in the near term, notifying the police is an important step in raising ongoing awareness.

While no one likes talking about their online security vulnerabilities, failing to report the attack will only breed confidence in the criminals offering DDoS-for-hire services, engendering the belief that they can get away with impunity.

And letting criminals go free while profiting from attacks will only perpetuate this vicious cycle, creating an online future in which no company is safe.

Share this article:
close

Next Article in Opinions

Sign up to our newsletters

More in Opinions

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

When it comes to cyber attacks, predictions are pointless but preparation is key

When it comes to cyber attacks, predictions are ...

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.