DDoS 2.0: Hackers Getting a Taste of their Own Medicine

November 17, 2014 — by Oren Ofer

Cybercrime and hacktivism are on the rise and commercial and governmental organizations are common attack targets.  But, based on recent evidence, an increasing number of cyber-attack targets are other attackers.  That’s right – attackers attacking other attackers.

Recently, Radware security researchers have analyzed samples of a potentially new attack tool called “ddos.exe”.  This tool challenges the concept of honor among thieves.

The alleged Denial of Service (DoS) attack tool, “ddos.exe” as its name implies, is actually a new variant of the NJRAT agent installer.  It works like this: a victim is tricked into running ddos.exe, which installs the agent.  The agent collects various information about the infected host, reports it to the C&C, and then awaits further instructions, such as covert remote desktop, remote execution of operating system commands, theft of keystrokes, file uploads, and remote camera control.

While normal NJRAT agents already come with built-in anti-virus evasion techniques, the ddos.exe variant was tweaked further with additional commercial tools and proprietary code written to avoid anti-virus detection.

This sample seems similar to the case of Anonymous-OS, an operating system released by a group of hackers in 2012 that was later reported to contain built-in backdoors.  So who is it that is interested in hacking and installing a Trojan on other attackers’ hosts?

Meet the attackers that are attacking the attackers

The main players could be hacktivists, cyber-criminals or law enforcement agencies.

Hacktivists

It is common practice for DoS groups to synchronize their targets and attacks.  These groups often exchange DoS attack tools, and from a hacktivist’s point of view it might seem legitimate that installing a remote access tool on a “volunteered” host would be a more effective way of utilizing resources for a DDoS campaign.  In addition, it would ensure that this host can be used in future campaigns.

Cyber Criminals

For cyber criminals the normal motivations are to use the infected hosts to mine virtual currency or extract credentials from emails and websites in order to steal credit card information.

More interestingly, just as Crypto Ransomware is widely used to blackmail legitimate users, there is no reason why cyber criminals would avoid blackmailing other cyber criminals.  A cyber-criminal invests a lot in hiding his identity.  A threat to disclose a cyber-criminal’s identity, along with detailed pictures and recordings, to law enforcement can be quite effective.

Law Enforcement  

Hacking hackers for the sake of national security is no myth.  By gaining a foothold inside hacker groups and on individuals’ machines, law enforcement agencies can gather intelligence about the attackers, their motivations, and their targets.  With this intel they can foil attacks before they begin, reach additional malicious hackers, and collect evidence that can be used in a court of law.

The case of ddos.exe shows that the trend of attackers attacking attackers could be on the rise.  One may think “great, let them have a taste of their own medicine.”  But, this trend could actually expand the strength of big cyber-crook players with more resources, while it will push attackers to become smarter, stealthier, more cautious, harder to detect and eventually more dangerous.

To learn more about Radware’s Security Researchers, please visit:  http://security.radware.com/ for information on recent threat alerts and cyber-attacks.

Oren Ofer

53 comments

  • craigergrc

    November 17, 2014 at 7:06 pm

    Hacking other hackers is completely ethical. We have to practice on somebody, and there are many Google groups where you can find open invitations much like an online chess game. It’s more fun than playing stupid games — just don’t use your company resources to do it!

    Reply

    • Oren Ofer

      November 23, 2014 at 7:33 am

      Craigergrc, I totally agree that hackers who gave their consent and participate in a mutual “cyber chess” are definitely another option.

      Was this the case here? We are left to wonder…

      Reply

  • blackjackshellac4

    November 21, 2014 at 8:36 am

    Seriously who the hell is going to name a DoS tool with that in the name and hackers actually fell for it? No offense, but I have a doubt.

    Reply

    • Jerd

      May 31, 2015 at 12:49 pm

      You must be a very literal person. No thinking outside the box for you. Congratulations!

      Reply

    • Gelio

      August 22, 2015 at 8:49 am

      No kidding, even I wouldn’t fall for that!

      Reply

  • Chato

    December 22, 2014 at 6:54 am

    Hackers are like KIDS who challenges the impossibilities at the expense of killing or shutting down other computer capabilities. HACKERS are basically CRIME CRIMINALS who intentionally sabotages and destroy to prove something to be well known or to be famous or be the world’s KNOW IT ALL. HACKERS need to be punish!— this is like a HOME INVASION — a CYBER INVASION, similar to when one enters a home that is not invited. You fight — fight for your life and your family.

    Reply

    • John B.

      March 9, 2015 at 7:58 am

      What exactly is a “CRIME CRIMINAL”?

      Reply

      • Kevin

        March 13, 2015 at 8:26 am

        CRIME CRIMINAL- One who breaks the law in an ongoing lawbreaking adventure. That is Wikipedia’s definition.

        Reply

        • Chato says what

          March 28, 2015 at 12:31 pm

          Chato also says “HACKERS need to be punish!”
          Does Wikipedia or any dictionary say that the definition of Punish = Hacker?
          Those KNOW IT ALL CRIME CRIMINAL HOME INVADING KIDS!!!
          (heh)

          Reply

      • Brian

        April 9, 2015 at 9:42 am

        A professional criminal that is meticulous at following all laws and accepted procedures?!? lol

        Reply

      • Gerald Nobody

        June 10, 2015 at 12:39 pm

        Someone who commits a code 186. It’s just short of an MDK (murder death kill)

        Reply

        • John

          September 13, 2015 at 9:21 am

          Hahahaha

          Reply

    • Brian

      April 9, 2015 at 10:20 am

      Actually, being a hacker has nothing to do with being a criminal or a law abiding citizen. Hacking has nothing to do with morality, which is the border between good/lawful and bad/evil/criminal. Hacking refers to a person that takes an item and modifies it in some fashion in order to better fit their own needs, desires or intellectual curiosities. In fact, every single person in the world could be labeled a hacker if you think about it. Do we not take in oxygen and then hack that O2 molecule and it eventually is released as a CO2 molecule? So, in actuality, the results of hacking are a mirror of the type of person who does the hacking. Sometimes the mirror image is one from a funhouse mirror (the ones that show you in a distorted way) when unforeseen side effects occur. But in the general sense, the good/lawful person will do so in an attempt for good/lawful results. Likewise, the bad/evil/criminal people will probably have nefarious aims for their work. So this is something to put in the “nothing new” category, because we all know that bad people do bad things while good people do good things. Your first sentence should read something like, “Criminals are people who don’t want to conform to laws and mannerisms set forth by the society they live among and are looking to see just how far they can push back against them and be able to escape the consequences.”

      Reply

      • Citizen Ghost

        May 12, 2015 at 9:28 am

        Let me guess, you are a hacker desperately looking for an excuse to feel better about the fact that you are one of the most immoral, and pathetically repulsive human beings in the history of humanity. As a victim of your type of creature, a pitiful excuse for a human being, I can tell you unequivocally that it is a moral issue for many reasons, not the least of which is the monumental problems it causes the victims in terms of money spent to regain their stolen identity and replace destroyed computer equipment. It disrupts lives and families and those caught engaging in this abhorrent and maniacal behavior should be tossed so far back into the Federal Correctional system that they’ll never see the sun shine again for the rest of their miserable lives. Have a nice day.

        Reply

        • chris

          May 16, 2015 at 12:22 pm

          You do realize that the first usage of the term “hack” and “hacker” was used by the model train club at MIT who sought to make improvements to their model trains in the 1940’s. Go do some research.

          Reply

        • Vormaen

          June 5, 2015 at 1:46 pm

          One of the most immoral? Have you been watching the news? jihadists, murderers, rapists? Your definition of the most vile or immoral must be severely limited by your social privilege. And like humanity, there are good hackers and bad hackers. But everything must be black and white to you.

          Reply

        • desroyedvetslife

          August 9, 2015 at 7:52 pm

          Oh, to the one who hacked my identity, I’m guessing you’re a type who feels his or her life has little or no meaning so you take someone else’s identity because your identity means little or nothing. You took a twenty year soldier’s identity and stepped on it like it was yours to destroy, a father, a grandfather, a great-grandfather. A man who worked since he was seven till he was seventy, a religious man. Well done, you child of irresponsible parenting. Have a nice day, someplace else…..

          Reply

      • Citizen Ghost

        May 12, 2015 at 9:36 am

        ” In fact, every single person in the world could be labeled a hacker if you think about it.”

        You mean if you think about when you’re in your Mom’s basement- er uh, pardon me, when you’re in your “Command Center” and you’re stoned out of your mind on the pot you bought with the money you stole from your mom’s purse and you’re guzzling Red Bull and haven’t crapped in two weeks because your intestines are full of bread and cheese from forty pounds of Hot Pockets, and so your brain functions with the efficiency of a rusted out wheat cultivator left sitting in an Indiana corn field for 8 years? Is that how you think of things, sphincter boy?

        Reply

        • chris

          May 16, 2015 at 12:32 pm

          You really need to do some research instead of just regurgitating the brainwashing talking points that the news media spoon feeds the intellectually bankrupt (ie you).

          Can and do people use their computer and coding skills in criminal activities? Yes. Should they be punished? Yes. However, the punishment needs to fit the crime. Why should someone face years of probation and hundreds of thousands of dollars in fines for participating in a DDOS attack for one minute(1)? Now for the technologically ignorant (ie you) a DDOS attack does absolutely no damage to the target’s servers and no data is compromised. What actually happens is that the target’s servers are flooded with requests shutting down the website to further visitors. The analog comparison is a sit-in or boycott. And like its analog cousin, as soon as the DDoS attack ends the website comes back up as if nothing ever happened.

          Finally, in a digital age why should protests be limited to the analog world? Why should protestors be limited to standing in front of a tech company’s office when that company can still conduct business online? Simply put, in a digital world we need to have protected capabilities of digital protest which DDoS is the best option because it is non-invasive and non-damaging to the infrastructure. In short, DDoS should receive the same 1st Amendment protections as peaceful assembly.

          1. http://www.dailydot.com/crime/anonymous-ddos-attack-1-minute-sentence/

          Reply

          • Dctrhdd

            August 7, 2015 at 12:39 pm

            Describing a DDOS attack as some kind of organized protest is just foolish and ignorant. All DDOS attacks are criminal and many are used to extort money and we are not talking about some kind of digital Robin Hoods. If you worked in the industry you might have a better understanding of the time($), resources($) and money($$) required to combat this thievery. These criminals deserve to be punished most severely.

          • Ralph

            September 2, 2015 at 12:32 pm

            Want to claim 1st amendment rights? Fine. Go ahead and register your name, where you’re going to protest, and for how long in advance just as is required in most physical jurisdictions.

      • Sparky3489

        June 11, 2015 at 12:17 pm

        You are actually describing a MODDER, not a hacker. You even state, “.. a person that takes an item and modifies it in some fashion…”.

        YES, THERE IS A DIFFERENCE!

        …and yes I’m arguing semantics. Because it is important to know the difference.

        Reply

      • Dave

        July 22, 2015 at 10:57 am

        The term hacker is not something to be proud of. Its root word hack is a term to describe someone who is able to achieve some level of success but only through fumbling about until success is achieved. That is why ‘Hacker’ is a term used to describe young computer science enthusiasts and not something that any seasoned professional would ever want assigned to them. Any professional who calls themselves a hacker I would seriously have reservations about using their services.

        Reply

        • CJ

          September 4, 2015 at 11:26 am

          If a 13 year old accidentally hacks into your bank account because you were too stupid not to put it in my documents while streaming your stolen movies maybe nobody would have broke into your network. But if the 13 year old doesn’t steal your information for use should he go to jail? Some of the people you’re sitting here acting like you understand defend you on the net more than you will ever know. The same people end up going ethical and designing a new firewall protocol or stop Chinese hackers.
          Stop hating hackers, in the next few years when you can’t log into facebook you’ll be begging them to help fix everything the bad people are doing

          Reply

    • Ted Langs

      September 20, 2015 at 1:53 pm

      I often wondered why no one ever developed an attack virus to seek out hacker’s system and destroy it and their ability to penetrate other’s systems. Certainly we have people who could develop such a tool. Destroy and record it and the address of the originator. If you can penetrate my computer for information I say tit for tat. An attack virus instead of having to buy protection from hackers.

      Reply

  • Sara

    February 15, 2015 at 8:07 am

    Go Ddos! These people are worse than criminals. They are terrorists, they have hacked into sites of pharmacies, so people can’t get their medicine or needed medical supplies. They cost millions of dollars in computer repair and replacement. And I could go on and on. These crimes have been ignored for much too long.

    Reply

    • Brian

      April 9, 2015 at 10:35 am

      When did that happen? What do you think of those poor, meek pharmaceutical conglomerates performing unethical and illegal tests of drugs on unknowing people? In reference to my above post, bad people do bad things in all walks of life and use whatever means they can to accomplish it. Whether that person is a nerd hunched over his computer, a catholic preacher or a corporate executive doesn’t change the type of person they are. It does, apparently, change how we handle those bad people and how and how much they have to be accountable for the badness they did…

      Reply

    • chris

      May 16, 2015 at 12:35 pm

      Sara,

      You cannot actually hack into a system using a DDoS attack. Why? A DDoS attack simply sends a bunch of requests to a website’s server so that the server is unable to keep up with the requests and denies service to users after the attack begins.

      Once the attack is over the server is able to process requests and the website comes back online as if nothing happened.

      Therefore, with a DDoS attack you CANNOT actually hack into the company’s network and gain access to sensitive information.

      Maybe you should educate yourself before posting something that can be so easily debunked.

      Reply

      • Abhishek

        November 16, 2015 at 12:58 am

        Chris is that you???

        Reply

    • Mark

      July 31, 2015 at 11:51 am

      People really don’t understand what a hacker is. I was one a long time ago when I was young and I did it to improve an operating system so it will work more soundly and efficiently because I wanted a well protected system to use for myself.

      The news always puts a bad spin on any term to get publicity. A hacker is someone who exploits weaknesses in a system. Plain and simple. Companies that are smart use them to find their weaknesses to close them. A hacker isn’t some kid that sits around to see if they can do it just to do it. Those who use tools developed by hackers to hack are NOT hackers.

      Before you condemn a Hacker, condemn people who do far worse damage. The Alcoholic makers and drinkers who drive. They do more damage to other’s lives in one year than all the Hackers have done since the term Hacker was coined.

      If you feel I am wrong about hackers, I will leave you with this thought. The media makes a big deal about Pitbull Dogs and have branded them lock-jaw evil beasts of heck. But in reality, Pitbulls are very sweet dogs that are very protective and their jaws have less power than a German Shepherd.

      Reply

      • Anon

        September 5, 2015 at 1:05 pm

        Mark. There are definitely a lot worse things going on than hacking as you said. Does this mean that wrongs should always be disregarded for bigger wrongs? If someone murders your son and rapes your wife, do you intend to forget the action in which you consider to be less “wrong”?

        Unfortunately it is very easy to manipulate these days. Debating the definition of the word “hacker” when, no matter the definition, you are fully aware what is being referred to.

        Are you entering a debate with other humans concerned over their financial security with a word debate? Given your logic of importance, your point of debate becomes “less important” as there are points of this debate focusing on hardships, not the meaning of a word.

        It is very important for people to know and understand that manipulators such as this do not represent any community that may indulge in the activity of “hacking” as this article intends the description to be.

        People like this are labeled “script kiddies” and are often considered jokes.

        Any of your concerns of your personal well being are well founded concerns. It is your nature. Anyone that shifts your concerns into trivial things such as a “word definition” intends to try and make you feel, well, stupid. In this case they can psychologically perform manipulation on others. The sad part is, they actually do not know they are doing this and cannot plan it ahead of time either. A good while ago I learned that I had these tendencies. When you make this realization you actually can begin to plan its usage. Not using it is what separates me and you from negative political influences and leaders of impoverished nations.

        I encourage you to really look deep and ask yourself (cliché), am I actually considering the word “hacker” to be more important of a discussion than a family placed into poverty. I think with a good enough look, you may find that you happen to be a manipulator, and you may not have even known about it.

        Reply

  • Sandra G. Orozco

    February 22, 2015 at 6:45 am

    Ummm pardon me but I do not know what you people are talking about. One thing I will say is all this upsets me. Please excuse my illiteracy.

    Reply

  • JIdge

    March 15, 2015 at 7:25 am

    Games become more fun when the stakes are higher right? Maybe hackers should just look at this trend as making the game more interesting. Fuck up and go to jail for 10 years. I’m sure it would be easier time than what the average incarcerated criminal faces, they could be put to work hacking the Chinese hackers.

    Ethical hacking is like mob justice. It’s one sided, frequently wrong, and has nothing to do with justice. We have a judicial process for a reason. Every case is unique, but generally speaking, time we start treating hackers like criminals. You’re not above the law just because you were a bullied nerd in high school.

    Reply

    • chris

      May 16, 2015 at 12:40 pm

      Your attempted definition of White Hat or ethical hacking is off base.

      Ethical hacking is when you have permission from the owner of the network to hack into it as to expose vulnerabilities that can then be fixed so a Black-Hat hacker cannot use that vulnerability to compromise sensitive data.

      Let us now extend the above definition to include the actual definition of hack and hacking and not the propagandized version. Ethical hacking is the improvement of existing systems to improve those systems or gain before unrealized potential from a system. Open Source Software and Hardware is a great example of this. Take Linux, for example, where anyone can see the source code and submit fixes for problems. The end result is a far more secure OS kernel that has a far faster update release schedule than your typical closed source companies such as Microsoft and Apple.

      #educatethyself

      Reply

  • jihadd

    March 15, 2015 at 7:39 am

    Hi

    Reply

  • I'm the hacker hacker

    March 28, 2015 at 12:35 pm

    I admit it. I wrote ddos.exe. I did it for the lulz. I’m sorry hackers. Can y’all ever forgive me?

    Reply

  • MooCow

    April 8, 2015 at 7:28 am

    You mean script kiddies? Hackers don’t download random files from unknown sources to play “one button denial”. Hell, DoS attackers are the little bus riders in the world, at the very least Arp-Poison

    Reply

    • Brian

      April 9, 2015 at 10:38 am

      Ahh, the days of war-dialing. Good times, good times…

      Reply

  • Crime criminal

    April 13, 2015 at 11:43 am

    I am a CRIME CRIMINAL who wants to reform. I only want to be a noncrime CRIMINAL from now on.

    Reply

  • Shelby

    April 23, 2015 at 11:37 am

    My little cousin just won a Facebook Hackathon. She and her teammates used their power for good, not evil. Lol major companies use hackers all the time to check the validity of their firewalls.

    Reply

  • C j Buechler

    April 26, 2015 at 11:01 am

    I thought hack-backs by the government were illegal.

    Reply

    • isthisthelineforbathroom

      August 12, 2015 at 8:04 am

      can someone tell me how to get to the freeway?

      Reply

  • Brimm Rotundrah

    May 13, 2015 at 10:24 am

    Yes And The Gourd Said Opon Him; Lest There Bees Lite, Lester Beets Street, And All Dat. Then He Died.

    Reply

  • Lamarr

    June 1, 2015 at 12:33 pm

    Erase the national debt/irs databank for the lulz

    Reply

  • Bad Boy

    June 21, 2015 at 10:54 am

    Shoot them all.

    Reply

  • patrick

    August 4, 2015 at 4:39 pm

    iv’e seen some of the most ignorant unimaginative comments on this page , i have no criminal history i sit and modify devices and software all the time ,does that make a criminal ?others i know do penetration testing with permission to test network security does that make them criminals , as with legal situation its intent that determines if its a crime or not , the truth is the government has broken laws in prosecuting hackers ,educate yourself dont regurgitate the headlines and sound bytes on the news ,hackers built on what we have no computers , smart phones the networks , btw the term for someone that breaks the law hacking is cracker criminal hacker ,if you want to wallow in your ignorance so be it but , this is the truth, educate yourself

    Reply

    • Crash Override

      August 13, 2015 at 6:57 am

      What makes you a criminal is your butchering of the English language. Even insinuating that modifying devices or software somehow lumps you into the hacking boat is pretty hilarious. But that’s cool, I’m a hacker cuz I write big formulas in Excel that modify the intent of the software in order to live my life as a non-crime criminal. Sometimes, and I share this only with you, I use task manager to view my processes and I end them maliciously! Hack the Planet!

      Reply

  • HG

    August 13, 2015 at 9:57 am

    Hackers have a bad rap and for good cause. The digital/analog right to protest is quite a far stretch of imagination, like connecting 2 distant stars in the sky and saying “hey look they are 2 inches apart”. Whether a person chooses to see from a limited perspective or not is the key. Still, hacking is a crime and here’s an example.

    No one has the right to negatively impact the top, which currently holds the fort together where innocence can prosper. That’s like being mad at the local shop, standing then blocking a little kid who wants to get in for a piece of candy. Only self serbiance would turn a blind eye to the cold that emanates outward from such acts. Certainly it must be with ignorance to believe others don’t get hurt just as the stone tossed into a cool calm lake will create ripples.

    And, this next analogy is just off the top of my mind. A hacker who targets a weak Network then goes into another persons computer without consent has far surpassed the moral indicator to be a good citizen.

    At first the hacker is like a stalker- stalking prey, then they see what they can do and become a peeping Tom to see if there’s anything worthwhile, next they act like a burglar thieving whatever they can get or causing disruption for pleasure or monetary gains – again similar to a bandit or pirate who holds something dear, like another soul, for ransom. Finally, when a hacker actually destroys others’ lives, through identity theft, they become a leech on society, hiding in the shadows just like murderers down back alleys in the late NY era. One click of a button could almost be equated to one pull of the trigger and for that, hackers should be serving time soon in a penitentiary near you 🙂

    Finally, when I think about the word hacker, I’m thinking coughing, phlegm, sickly, diseased. That’s pretty close to the mental instability someone has that considers themselves a hacker of any sort.

    Reply

    • DocConSpecialist F

      August 27, 2015 at 7:56 am

      @HG, Brilliant analogy of a Hacker. What a Hacker(s) did to my Grandmother on SSI was Horrifying, (Theft, Stalker, etc.) lost her home & committed Suicide at age 89. Hackers that are helping companies & people is fine. Hackers that ruin people’s lives for fun & greed should hang by the neck until DEAD!

      Reply

  • Steven Johnston

    August 19, 2015 at 11:43 pm

    The bad hackers can walk into rush hour traffic on I95 and get hit and die. The good ones keep doing good work you are doing.

    Reply

  • Joseph Bohica

    October 12, 2015 at 6:53 pm

    Consider:
    You want to protect your family. You buy a state-of-the-art burglar alarm system. It’s so good, you extol its virtues and convince me to buy one. During the installation, as I’m testing my PIN/passcode on the keypad, I discover that the manufacturer made a serious blunder. He left the test passcode active! It is 999999999. The burglar alarm is not secure!

    Do I tell him? Do I tell the manufacturer? Do I tell everyone who might be interested in this system? Do I make a post on the manufacturer’s web-site?

    Discussion:
    I think I’ll do the right thing and post it on my local bulletin board. I want to inform anyone who may have such a system that their families are in peril! Now, someone who also happens to frequent that web-site sees that post, and goes merrily on his way looking out for this specific burglar alarm so as to easily defeat it and rob people.

    No, wait, I’ll contact the manufacturer directly and inform him. Now, I either get the law at my doorstep, or a threatening missive from the manufacturer.

    So did I do anything wrong? It’s certainly not illegal for me to push a bunch of buttons on my own burglar alarm. It’s not my fault that the manufacturer is in error. I’d certainly want to tell my close friend about it, so he can protect his family better. And I would certainly want to inform anyone who has such a system that they need to take action also; it would be irresponsible not to do so. And I would certainly want to inform the manufacturer so he can fix this glaring and potentially deadly flaw.

    So in regards to hacker/hacking, that’s me. I tried something unusual or out-of-the-ordinary and got an unexpected result. This is no different than pushing a bunch of digits on your phone and finding out you can call China(?) for free. (Ummm, you HAVE all done this kind of experimentation at one time or another, right?) Good news, you’re a hacker. Now the guy who took your info and ran on a burglarizing spree with it, HE’s the criminal.

    If you are serious about understanding the hacker (not the criminal!) mentality, consider “2600 The Hackers Quarterly”.

    Reply
