Hackers all over the internet today are slowly adapting to the changes in the attack marketplace. Many notorious DDoS groups like Lizard Squad, New World Hackers and others have already entered the DDoS as a Service business, monetizing their capabilities in peace-time by renting out their powerful stresser services. But it’s not just DDoS. It’s all attack services including application-based attacks. These marketed services are now allowing novice hackers with little know-how to launch attacks via affordable tools that are available on the Clearnet. This growth is healthy for any market but has forced vendors to take on more of a traditional marketing strategy.
Flashing banners, weekly promotions and customer service are all keystones to a successful marketing plan, but are now becoming cornerstones for attack vendors as well. Vendors that are selling attack services are using modern marketing techniques, and they are also using multiple platforms to market their goods and services, just like a large firm would do. Oftentimes you can find the hackers selling or marketing discounts for their services on Twitter, Facebook and other social media platforms. Social media is an important platform for the attackers since this is the first place the media and spectators will look when a large service goes offline.
Hackers are also utilizing marketplaces and forums on the Darknet to market their services. The Darknet not only provides a layer of anonymity but also acts as a barrier, preventing the normal population from seeing specific deals and services being offered on these forums. Hackers will also privately sell services and other goods to trusted individuals via private chat.
Below are 5 techniques hackers use to market their services:
Stunt hacking – Large groups like OurMine, Lizard Squad and New World Hackers will engage in what is considered stunt hacking in an attempt to market their group’s services. When Lizard Squad used their attack tool to take out XBOX or PSN, other attackers noticed and wanted access to the same power behind the group’s attack tool.
Social media – Hackers will use social media to advertise and offer discounts for their attack services. Many times you will find a group committing a stunt hack and relying on their social media presence for marketing purposes following an attack. Whenever a major group claims responsibility for an attack, hundreds of thousands of curious visitors will go to their page. If the page contains a link to their services, it can result in paid subscriptions.
Forums – Attack services are openly advertised on websites like HackForums. Vendors usually post a detailed write-up about their services and offer vouch copies to help build a great customer service rating.
Private offerings – Underground hackers like to stay underground. Some do not have a social presence nor do they have a website that they market their services on. Some hackers are only available via PGP or XMPP encrypted communication. Once in contact with these vendors you can negotiate wholesale prices and receive sample databases for proof.
Customer Service – Just like any other service, the attack marketplace requires comments and reviews to soothe a client into making a purchase. Sending a large amount of money to an attack service vendor with no comments, reviews or feedback can be problematic. Today on most vendor websites, forums and marketplaces you can find a comment section filled with reviews from actual customers who have purchased the listed service.
As the attack marketplaces continue to grow, so will the number of vendors adapting to the changes in their environment. This growth in competition will result in more public advertisement of attack services. Vendors need to reach a wider audience to support the monetization of their capabilities. In order for these vendors to reach those that are willing to pay, they will need to become more proficient at marketing. If a gap develops in the vendor’s ability to market their services, they will need to seek out someone who could assist them. From this we could see the development of an advertising service just for attack services or we could even see attack sponsorship.
Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network- and application-based vulnerabilities. Daniel’s research focuses on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigate attacks proactively for its customers.