Education, freedom and knowledge. These are the pillars for higher learning, but have often been used to describe some open source projects and services that have the potential to be abused by those that are not so innocent. Over the last two years, tools like stressers, Remote Administration Tools (RAT) and ransomware have been published under these pretenses, but do they serve a legitimate purpose? These projects have set off an international debate in the information security community and many wonder if they should be available to the public. Often the justification for these projects is that they are intending to show the potential risks so they can be used to prevent infections or reduce potential damage. With stressers, they claim that the services are to be used to improve and test security products and to understand attack behavior targeting their network. But are they?
Denial of Service (DoS) attacks have come a long way since the days of LOIC and other GUI-based tools. Today, potential hackers do not have to know the first thing about conducting such an attack. They can simply purchase attack services to carry one out for them. Just a few years ago, attackers would have had to download simple GUI-based tool to launch a DoS attack. As time moved on, hackers started to combine their efforts and tools in distributed group attacks. Today, attackers are now abandoning GUI and script tools and opting to pay for attack services via stresser services.