Internet’s largest hacking forum removed its DDoS-for-hire section after being linked to Mirai attacks
The source code for the Mirai botnet was freely released to the public by a hacker going by the name Anna_Senpai via Hack Forums iStock

The internet's largest and most popular hacking forum – HackForums – has removed its DDoS-for-hire section in an unprecedented move. The administrator of the forum, who goes by the pseudonym Omniscient, announced the decision to axe the DDoS services section in the wake of the massive Mirai attacks on Dyn, which nearly brought down the US internet.

Omniscient said his decision to remove the SST (Server Stress Test) section, which is the name commonly given to DDoS-for-hire services, came after the US authorities increased scrutiny into the security if IoT (Internet of Things) devices, Softpedia reported.

The HackForums' admin said: "I'm going to be shutting down the SST forum. No new threads can be created there. All non-stickies are closed. Once the current paid stickies expire the section will be removed entirely. I will be adding new policies to the Help Docs to concerning SST topics for the rest of the forum. Existing policies disallowing SST in any section besides SST currently still apply until I update the Help Docs. Unfortunately once again the few ruin it for the many. I am sure this is going to upset some members but also please many, some of whom aren't even members. I'm personally disappointed that this is the path I have to take in order to protect the community. I loathe having to censor material that could be beneficial to members. But I do need to make sure that we continue to exist and given the recent events I think it's more important that the section be permanently shut down."

Fingers pointing to HackForums

Contrary to the claims of various hacker groups and other entities, cybersecurity researchers found that the Mirai botnet, which Dyn along with a few other security firms confirmed was primarily involved in the attacks, was also linked to HackForums. Flashpoint researchers said Mirai was connected to "users and readers" of HackForums who are known for creating, using and commercialising DDoS tools. It is also noteworthy that the source code for the Mirai botnet was freely released to the public by a hacker going by the name Anna_Senpai via HackForums.

The silver linking of Mirai attacks and the consequent US internet outage appears to be the significant attention that IoT security vulnerability is now getting from US authorities. Omniscient's decision to shut down DDoS-for-hire indicates the possibility of law enforcement crackdown on cyberforums, which may be misued by crooks to design and propagate attacks.

ESET security researcher Stephen Cobb told IBTimes UK: "The idea of a DDoS attack is to turn a large collection of computing devices against a small number of target computers, or even a single server, and that idea has been around for a long time. The idea of exploiting home routers for such attacks is at least ten years old and I'm pretty sure that all of my fellow researchers, at ESET and at other organisations, sounded warnings about the abuse of IoT devices for DDoS years ago.

"In this respect, the history of IoT insecurity and abuse echoes that of numerous preceding waves of technology, where security experts warned manufacturers that they had to design their internet-connected devices to be secure from the ground, but too many manufacturers did not. The unique thing about the IoT security problem is the sheer number of devices and the speed with which that number is growing."