Article Lead Image

Rent-a-botnet services are taking paid DDoS attacks mainstream

For $18 a month, this service promises to attack your enemies' websites whenever you want.

 

Lorraine Murphy

Business

Posted on May 14, 2013   Updated on Jun 1, 2021, 3:59 pm CDT

The nefarious dark lords of the Internet are masters of the botnet, networks of possibly thousands of machines secretly enslaved and bent to the master’s will. Botnets are one of the basic reasons why you have virus protection: So your computer doesn’t become part of one, subject to the will of a computational slavelord willing to rent out your computing power to the highest bidder.

Say hello to just such a slavelord.

Hackers: They’re just like us!

AsylumStresser is a botnet, branded and packaged and brought to you for the low, low price of only 30 cents per ten minutes, or $18 per month!

It’s really nothing new: botnets have been advertised for sale on hacker listservs and forums since the early days, and despite a nice camouflage as “stress testing,” have still been used to attack sites very effectively.

Anonymous, in one of its more quixotic moves, has petitioned the White House to recognize DDoS attacks as a form of protest. That effort is almost certainly doomed. Governments are, in fact, one of the favorite targets of DDoS attacks; we hit China, China hits us, and so on in a high-tech version of tennis. Hacktivist Raymond Johansen told us, “Let`s just say that it`s common knowledge that Teh dDozer is still out there and lotsa gvmnts are a shaking in pants. (Well, dress pants).”

AsylumStresser is not a registered company, just a team of two guys with a slick-looking site and a YouTube ad, but in this they are more mainstream than many of their peers. They take PayPal, too (Note: You should not pay for illegal services with Paypal. Duh). Their innovation lies entirely in the user interface: Stepping out of the shadowy niche of hacker forums and into the mainstream with their site and ad and payment system.

Before you minimize the impact of this action, recognize that innovation of the user interface is basically why the non-technical world heard about a guy named Steve Jobs. AsylumStresser essentially normalizes what had been very, very fringe, and makes it accessible to people with a minimum of fuss. They even rented their spokesmodel from Fiverr.

According to Krebs On Security, who gained access to a leaked database of theirs, AsylumStresser’s main targets are medium-sized gaming sites (in which case a likely scenario involves ransoming the site). He reports that the site admin is a 17-year-old student named Chandler Downs, and Krebs tracked him down and asked him some questions.

“Downs maintained that the service is intended only for “stress testing” one’s own site, not for attacking others. And yet, asylumstresser.com includes a Skype resolver service that lets users locate the Internet address of anyone using Skype,” Krebs reported.

And while Downs claims only harmless uses for the botnet, the ad clearly sells illegal actions like taking competition offline. And ironically, AsylumStresser uses CloudFlare, a service which is designed to mitigate the harm from DDoS attacks.

It’s probably just a matter of time before the same publicity that has reported netted AsylumStress $35,000 so far also attracts the interest of law enforcement. But even if AsylumStresser is eventually shut down, it won’t be the last mainstream botnet service. It’s basically a given that we’ll see a botnet advertised on Craigslist any day now. Low-hanging fruit is a profitable market, if you can manage to protect against the very kinds of attacks you market.

UPDATE: Chandler Downs may not be the villain in this story.  In an email to the Daily Dot, Downs clarified that he was never the person behind AsylumStresser, and that he was just paid to register and build the website for someone else. 

I was paid to design and code the website, nothing more. I was not involved in the botnet or anything like that, I have no idea where you people are getting these ideas, but they are incorrect. The website is ran by someone who goes by the name of “Phreaker” I was paid via libertyreserve, and I yes I no longer code for this person due to all the negative attention its been getting.

Downs also denied being the administrator of the site, and said that he never made the $35,000 that Krebs reported had been paid to a PayPal email address with his name on it. 

I have been receiving harassing emails from people upset about DDoS attacks that I am in no way involved or in control of. This product would exist with or without me. Also, I have no idea why you said I made 30k I was paid a flat fee of $1000 to code it and then $200 monthly to do updates and such.

H/T KrebsOnSecurity | Photo via PandaFrance/Flickr

Share this article
*First Published: May 14, 2013, 12:42 pm CDT