DDoS : The Bigger Story

Has anybody heard of DDoS-as-a-service?

We are so much into cloud computing now, and we talk about the big three of cloud computing all the time: Infrastructure-as-a-service, Platform-as-a-service and Software-as-a-service. But DDoS-as-a-service? Anybody in the IT industry will call it insane, but yes, such services do exist. They are often sold as booters or stressers, but at the end of the day they are DDoS for hire.

Historically, we have seen DDoS as the most dreaded attack. Who will forget Ping of Death? But now it is sold as a service, and you do not even need to go down the mysterious path of the Deep Web. Just google "stressers" and the first thing you will find is 'Top 10 DDoser's (Booters/Stressers)'. They are basically sold under the pretext that you can stress test your server to see how much load it can take. You can buy it as a regular service, monthly, yearly … whatever.

The point I want to make here is that it is okay that we have a need for offensive security, but to what extent? We have defined black hat hackers as well as white/grey hat hackers. We have also defined what is ethical hacking and what is unethical hacking. But selling an attack as a service?

Let's come back to the topic of DDoS and see what it is. A DDoS attack is a malicious attempt to make a server or a network resource unavailable to users. How is it done? Using bots/botnets. And how are bots made? A bot is a combination of the bot payload and the CnC (command and control) files, a package that needs to sit inside a computer; once it does, that computer becomes a bot. This can be done through phishing attacks, brute force or any sort of social engineering. Once one bot is created, another is created and connected to it, and that is the creation of a botnet. Even that is not difficult these days. Again, google it and you will find several popular botnet builder kits.

And one cannot imagine the sizes of botnets. They are in the millions: 2 million, 5 million, 10 million. One of the biggest botnets, Storm, I guess, was estimated to have even 50 million computers.

And when you look at any cyber attack today, whether it's email spam or an attack against a corporation, DDoS has a contribution in it. Even in the recent Ukraine power grid attack, although the attackers brought down the power, they still did a DDoS attack against the call centers of the power companies so that customers could not call customer service.

DDoS has become the center of this growing cyber security landscape, but we are still thinking of using it to stress test our servers. The bigger issue is these botnets. It is not that security companies are not doing anything to kill these botnets. FireEye Malware Intelligence Lab has been able to crack down on a few by researching their malware and command and control functions, doing reverse engineering and looking at their fallback plans. But there is a lot to be done.

My last point in this article is: after all, what is a bot, or rather who is a bot? It is ultimately your computer. You and your computer are the bot that is infected, and you do not even know how big the network is that you are part of, or what your computer is doing, against whom and where.

As Internet citizens, it is for us as well to do our bit to get rid of this ugly side of our computers. So, here are just a few tips that you can follow to avoid being part of some botnet attacking some network somewhere.

  1. Create very strong and complex passwords and change them often, and never, ever reuse a password on another site or account.
  2. Keep all applications up-to-date with the latest patches, and use a less-targeted browser such as Chrome or Firefox.
  3. Free software always comes at a price, most frequently by side-installing adware, browser extensions or other software you didn’t ask for. Think before you install it.
  4. Never click links in emails or texts that seem to come from your bank or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.

Lokesh Yamasani

Security Leader | One of the Top Global CISOs award 2023 by Cyber Defense Magazine | Ex-advisor @ Gamma Networks (Acquired by Palo Alto Networks) | Cyber Security startup advisor

8y

There are a lot of service providers that offer this service. Often, it is called "Load Testing". Companies like Dynatrace offer it as a service.


More articles by Yogesh Gupta
