DDoS-for-hire sevices turn to mainstream advertising

Security researcher Brian Krebs said that many of these services are relying on “legally dubious disclaimers” to avoid crackdowns, and set out to examine one of them further. Between the week of Mar. 17 and Mar. 23, a service called Asylum Stresser was used to launch more than 10,000 online attacks. 

“Like other booter services, asylumstresser.com isn’t designed to take down large Web sites that are accustomed to dealing with massive attacks from Internet extortionists,” Krebs explained. “But these services can and are used to sideline medium-sized sites, although their most common targets are online gaming servers.”

Apparently Asylum Stresser does a fairly rip-roaring business: Krebs found that the main email address linking to the service received $35,000 in PayPal payments made by customers of the service, of which there were 33,000 user accounts created on the site.

The US administrator of the service, a 17-year-old honor roll student named Chandler Downs from Chicago, told Krebs that his service was to be used only for distributed denial-of-service (DDoS) “stress-testing” for internet resiliency. However, the company has posted a YouTube ad with a paid actor that talks up using the service to “take down your competitors’ servers or website":

“Do you get annoyed all the time because of skids on xBox Live? Do you want to take down your competitors’ servers or Web site? Well, boy, do we have the product for you! Now, with asylumstresser, you can take your enemies offline for just 30 cents for a 10 minute time period. Sounds awesome, right? Well, it gets even better: For only $18 per month, you can have an unlimited number of attacks with an increased boot time. We also offer Skype and tiny chat IP resolvers.”

Downs, for his part, characterized the internet as a caveat emptor kind of place: “No one would spend money to stress a site without a reason. If you’re giving someone a reason, that’s your own fault,” he told Krebs.

It may be operating in the open, but the security researcher found that Asylum’s ties go back to the Eastern European criminal underground. The service is hosted by Voxility, a Romanian service provider that “has a solid reputation in the cybercrime underground for providing so-called bulletproof hosting services, or those that generally turn a deaf ear to abuse complaints and requests from law enforcement officials.”

It is the home, for instance, of the organized cybercrime gang that is facing charges of developing and distributing the Gozi banking trojan.

What’s Hot on Infosecurity Magazine?