Why run a DDoS-for-hire service? Easy money

Who run so-called ‘booter’ services that are used to knock out websites and are sometimes used for extortion? Young males. Why? Easy money.

And do they feel guilty, knowing that their services support distributed denial of service (DDoS) attacks, which can cost businesses thousands of dollars and is illegal in many jurisdictions? Generally, no, according to a new study by Alice Hutchings and Richard Clayton, researchers at the Computer Laboratory, University of Cambridge.

That’s because most of the handful of operators that volunteered information for the study claimed they provided legitimate services.

Numerous studies have looked at how booter services operate at a technical level and how much money they can make, but not the motivations of those who operate them.

Booter services can technically be used by an organisation to stress test their own web server for its capacity to handle traffic, but are often used to bowl over a website.

The researchers said their main purpose was to understand the motivations of stresser operators, “their perceptions of the (il)legality, the market for their services and the economic benefits they might receive.”

They also wanted to find out how much time the operators invested into their operations, including site maintenance and managing partners.

The researchers explore a number of criminological theories to explain the behaviour of booter service operators, including that they just learnt it from others, or ‘neutralised’ or justified their actions by, for example, denying the possibility of their service could harm victims. Anther example of neutralisation would be blaming the victim for an attack.

Not surprisingly, few stresser service operators responded to requests by the researchers. After contacting 63 boot stresser sites, the researchers recruited 13 participants, two of which agreed to an online interactive survey and 11 that opted for an online survey. It does make for a small sample size, but one that comes from a small community of operators.

Responses indicated that all 11 participants were male and all below 34 years of age, with five from the North America, two from Europe, and the remainder from Asia, Africa and Australia. Eight were students while two claimed to work at a place of employment.

Interestingly, one of the respondents claimed to also provide DDoS protection service.

“I would rather not divulge the names of other companies I am involved in, however, I can say that I am involved in providing DDoS protection services, high availability web hosting, dedicated server hosting, and virtural server hosting,” one participant told the researchers.

Some of the respondents claimed to have been users of stresser services before beginning to offer these services themselves. Others integrated stresser services into existing products, such as web hosting for game servers, coding, web development and pen-testing services.

The researchers acknowledge that many questions were not answered by all participants however one question they did was: “What are your primary motivations for offering stressed services?”.

“The primary motivation, as claimed by eight participants, was the provision of services for the purpose of network testing,” the researchers wrote.

One participant, pressed for further detail, argued that his stresser service could assist a lot of data centres “prepare for an actual threatening attack that can cripple their networks for long periods of time resulting in financial loss, if they are prepared before an actual attack strikes, less damage will be done.”

Another said they couldn’t be held responsible for how their service was used, while another said he was acting lawfully because if law enforcement requested logs, he could and would provide them.

If you'd like further explanation, because it can assist a lot of data centers, server owners small and large prepare for an actual threatening attack that can cripple their networks for long periods of time resulting in financial loss, if they are prepared before an actual attack strikes, less damage will be done.

But these were justifications. One of the main reasons for operating a stresser service is easy money and respondents reported earning between US$300 to $500 a day. Three participants said the service accounts for up to 10 percent of their income, while two said it accounted for between 90 to 100 percent of their income.

Tags threatsData CentercrimeWeb serversDDoS attackstrafficeasy moneystresser service

Show Comments