Stresser

Last updated

Stresser (or booter) services provide denial-of-service attack as a service, usually as a criminal enterprise. [1]

Contents

They have simple front ends, and accept payment over the web. Marketed and promoted as stress-testing tools, they can be used to perform unauthorized denial-of-service attacks, and allow technically unsophisticated attackers access to sophisticated attack tools. [2] Usually powered by a botnet, the traffic produced by a consumer stresser can range anywhere from 5-50 Gbit/s, which can, in most cases, deny the average home user internet access. [3]

Targets of booter/stresser services include network gaming services. [2] [4] Motivations for the use of stresser services include revenge, extortion, and simple mischief.

Law enforcement activity

The use or provision of booter/stresser services for unauthorized DDoS attacks is illegal in both the United States and the United Kingdom under the Computer Fraud and Abuse Act and Computer Misuse Act 1990 respectively. [1] [5]

In 2023 it was revealed that a cross-industry organization called "Big Pipes" with representatives from major Internet companies had been working with law enforcement to find and shut down illegal booter/stresser services for the previous five years. [4]

The UK National Crime Agency has set up numerous "honeypot" websites purporting to be booter/stresser services. The details of people registering with these fake services are logged. [6]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Denial-of-service attack</span> Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service can be accomplished in a variety of ways, including programming or logical vulnerabilities, improper handling of resources, or by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">Zombie (computing)</span> Compromised computer used for malicious tasks on a network

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a botnet controlled by the hacker, and are used for activities such as spreading e-mail spam and launching distributed denial-of-service attacks against web servers. Most victims are unaware that their computers have become zombies. The concept is similar to the zombie of Haitian Voodoo folklore, which refers to a corpse resurrected by a sorcerer via magic and enslaved to the sorcerer's commands, having no free will of its own. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.

<span class="mw-page-title-main">Botnet</span> Collection of compromised internet-connected devices controlled by a third party

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

<span class="mw-page-title-main">The Spamhaus Project</span> Organization targetting email spammers

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

<span class="mw-page-title-main">Stacheldraht</span> Malware for performing distributed denial of service attacks

Stacheldraht is malware which performs a distributed denial-of-service (DDoS) attack. It was written by "Thomas Stacheldraht", a member of the Austrian hacker group TESO. It was first released in 1999.

<span class="mw-page-title-main">Blue Frog</span>

Blue Frog was a freely-licensed anti-spam tool produced by Blue Security Inc. and operated as part of a community-based system which tried to persuade spammers to remove community members' addresses from their mailing lists by automating the complaint process for each user as spam is received. Blue Security maintained these addresses in a hashed form in a Do Not Intrude Registry, and spammers could use free tools to clean their lists. The tool was discontinued in 2006.

The Russian Business Network is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

In 2013, there were two major sets of cyberattacks on South Korean targets attributed to elements within North Korea.

<span class="mw-page-title-main">High Orbit Ion Cannon</span> Denial-of-service attack tool

High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012.

BASHLITE is malware which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.

Mirai is malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016 by MalwareMustDie, a white hat malware research group, and has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs' website, an attack on French web host OVH, and the October 2016 Dyn cyberattack. According to a chat log between Anna-senpai and Robert Coelho, Mirai was named after the 2011 TV anime series Mirai Nikki.

<span class="mw-page-title-main">DDoS attacks on Dyn</span> 2016 cyberattack in Europe and North America

On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.

Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.

<span class="mw-page-title-main">2020 Miami-Dade Public Schools DDoS attack</span>

On 3 September 2020, at 2:53 am EDT, a 16-year-old male from South Miami, Florida was arrested in connection with distributed denial-of-service (DDoS) attacks on the Miami-Dade County Public Schools's computer network, the fourth largest in the US, causing the system to crash during the first three days of the school year. It occurred as the school system was attempting to conduct internet-based instruction during the COVID-19 pandemic of 2020. After monitoring the IP addresses using the network, investigators concluded the teenager and several foreign actors had hacked the system. At the time, the school district had contracted Stride, Inc. to provide the software necessary for the internet-based instruction. Despite its price tag of $15.3 million, Stride was surprisingly susceptible to the attacks. Consequently, the school district sought the help of the FBI and U.S. Secret Service to investigate.

<span class="mw-page-title-main">2022 Ukraine cyberattacks</span> Attack on Ukrainian government and websites

During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

<span class="mw-page-title-main">Operation PowerOFF</span> Joint operation to close DDoS websites

Operation PowerOFF is an ongoing joint operation by the FBI, EUROPOL, the Dutch National Police Corps, German Federal Criminal Police Office, Poland Cybercrime Police and the UK National Crime Agency to close "booter/stresser" services offering DDoS attack services for hire. Beginning in 2022, the operation shut down 48 websites offering DDoS services, and six people were arrested in the United States. Multiple companies, including Cloudflare, PayPal, and DigitalOcean provided information to the FBI to assist in the seizure.

References

  1. 1 2 "The FBI and International Law Enforcement Partners Intensify Efforts to Combat Illegal DDoS Attacks". Federal Bureau of Investigation. Retrieved 2023-05-11.
  2. 1 2 Krebs, Brian (August 15, 2015). "Stress-Testing the Booter Services, Financially". Krebs on Security. Retrieved 2016-09-09.
  3. Mubarakali, Azath; Srinivasan, Karthik; Mukhalid, Reham; Jaganathan, Subash C. B.; Marina, Ninoslav (2020-01-26). "Security challenges in internet of things: Distributed denial of service attack detection using support vector machine-based expert systems". Computational Intelligence. 36 (4): 1580–1592. doi:10.1111/coin.12293. ISSN   0824-7935. S2CID   214114645.
  4. 1 2 Greenberg, Andy. "The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services". Wired. ISSN   1059-1028 . Retrieved 2023-05-11.
  5. "DDoS attacks are illegal". nationalcrimeagency.gov.uk. Retrieved 2023-05-11.
  6. "UK Sets Up Fake Booter Sites To Muddy DDoS Market". Krebs on Security. Retrieved 2023-05-12.

See also


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.