Did you know that you could buy DDoS attacks? Security researchers uncovered ads from sellers posing as stress testers on the online marketplace Fiverr. The ads featured DDoS botnets going for as little as $5 (£3.40) per hour.
Security Firm Imperva Incapsula conducted their own investigation in which they determined that the sellers posing as stress testers were in reality selling DDoS botnets which would essentially enable buyers to launch attacks on websites. Stress tests or stressers involve testing one's own website for its resilience against DDoS attacks. However, Imperva Incapsula researchers noted that of late "few bother to ask for any proof of ownership, allowing you to 'stress test' whomever you want—just as long as you continue forking over their subscription fees".
As part of their investigation, the researchers reached out to DDoS dealers on Fiverr and asked them whether they could use the service to also test other websites, to which one dealer responded saying: "Honestly, you [can] test any site. Except government state websites, hospitals."
"This just goes to show that even DDoSers have some moral compass, as well as a healthy fear of the government," said researchers Igal Zeifman and Dan Breslaw. "With the true capabilities of at least one of the 'stress testers' confirmed, we reached out to Fiverr to let them know about the misuse of their service. They were very quick to respond with a promise to have their Trust & Safety team investigate further."
According to a report by Softpedia, Fiverr, after being notified about the ads, has now removed all ads featuring DDoS attack services. However, when searching the online marketplace's website with terms like malware, several ads still appear to pop up, some of which may even be similar tech support scams.
This is not the only kind of hacking-related activity noted by researchers. Security firm Secure Work's 2016 Underground Hacker Marketplace Report noted that hacker-for-hire services are becoming increasingly common recently, adding: "Hackers are now extending their service hours, guaranteeing their work, and expanding their offerings to keep customers coming back."