Threat Management

Imperva finds DDoS for hire on Fiverr


Professional services online marketplace Fiverr bills itself as “the easiest way to get everything done at unbeatable value” and apparently, at least briefly, that promise extended to distributed denial of service (DDoS) for hire, according to an Imperva blog post.

DDoS for hire organizations “operate in broad daylight under the guise of ‘stresser' services” that ostensibly test the resilience of a company's network, Imperva researchers said, and most don't ask customers for proof of ownership of the company to be tested. That means a company “can ‘stress test' whomever [it] want[s] — just as long as [it] continue[s] forking over their subscription fees,” they wrote, adding that the fees themselves “aren't exactly prohibitive,” last year ranging from $19-$38 per hour.

An even lower fee of $5 per hour on the Russian underground revealed by the “SecureWorks Underground Hacker Marketplace Report” made researchers muse whether DDoS-for-hire services could be found on Fiverr where $5/hour for services is de rigueur.  “The ads we found were pretty incriminating — especially the skull and bones image that offered to ‘Massive DDoS Attack your Website,'” they wrote.

Upon further investigation – which included researchers creating their own Fiverr account and asking the stresser providers if the site they wanted to stress test had to be their own – found that some of the services were indeed shady. While most of the providers ignored the researchers questions, the skull and crossbones site responded, saying, “Honestly, you [can] test any site. Except government state websites, hospitals.”

Imperva notified Fiverr and the site quickly removed three of the stresser providers. The researchers urged others in the online community to do the same, noting that “even if stressers aren't going away, we don't have to make their lives any easier.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.