Hacking used to require a distinct set of skills and capabilities. These days, attack services are bought and sold via marketplaces on the Clearnet and Darknet—a phenomenon that’s closing the gap between skilled and amateur hackers and fueling an exponential increase in threats.
Thanks to the growing array of online marketplaces, it’s now possible to wreak havoc even if you know virtually nothing about computer programming or networks. As attack tools and services become increasingly easy to access, the pool of possible attackers—and possible targets—is larger than ever. While many hacktivists still prefer to enlist their own digital “armies,” some are discovering that it’s faster and easier to pay for DDoS-as-a- Service than to recruit members or build their own botnet. Highly skilled, financially-motivated hackers can be invaluable resources to hacktivists seeking to take down a target.
By commoditizing hacktivist activities, hacking marketplaces have also kicked off a dangerous business trend. Vendors are now researching new methods of attack and incorporating more efficient and powerful vectors into their offerings. Already some of the marketplaces offer a rating system so users can provide feedback on the tools. Ultimately, this new economic system will reach a steady state—with quality and expertise rewarded with a premium.
Profiles in Hacking – Who’s Participating in Today’s Hacking Community?
This is the largest segment—and the one driving the rapid growth of attack marketplaces. These are low or non-skilled hacktivists who pay to participate in an operation. Without the knowhow for do-it-yourself campaigns, they spend $20 to $200 per month on attack services that give them access to an easy-to-use attack portal.
These are the hackers who have the wherewithal to carry out their own attacks and spearhead hacktivists operations. They have a good enough understanding of networking and programming to write their own attack programs, as well as build their attack platforms by exploiting cloud and trusted services. Given their skills, hackers are not constrained by an attack time limit or power. Consequently, they are capable of launching sustained, long-term attacks against their targets, sometimes at very high volumes.
This segment is home to hackers who have realized they can generate a great profit by providing attack services to consumers. As in any economic system, higher quality or sophistication yields greater returns and forces improvement. Some vendors are selling enough services to generate more than $100,000 a year. AppleJ4ck, the vendor behind vDoS, the DDoS-for-hire service1, allegedly made $600,000 in just two years before being arrested.
What Motivates Hacking?
In previous reports, Radware has used Richard Clarke’s acronym—C.H.E.W. (Cybercrime, Hacktivism, Espionage, Warfare)—to categorize the origins of cyber risk. Now we introduce P.E.D. (Profit, Evasion, Disruption) as an acronym for the three core motivations reflecting the evolution of the hacker community:
Not surprisingly, money is the primary motivation in the attack marketplace. Those who want to commit a crime—but don’t know how to execute—will always pay someone to do it for them. And with demand outpacing supply, this is one crime that pays. Stressers—services orchestrating the generation of massive amounts of traffic—are known to bring in more than $100,000 a year. Vendors offering application exploits can generate thousands of dollars from selling one exploit on the Darknet.
The ability to evade detection is one of the most important capabilities a vendor offers to his or her business and clients. Vendors are highly motivated to stay on top of the market. After all, detection or mitigation of their services will cost them customers and profits. Thus, vendors continually research and discover new attack methods to help their clients bypass mitigation techniques and take down their targets undetected.
This represents one of the primary motivators for hacktivist groups. Hacktivists are motivated to disrupt their target’s operations and/or reputation; vendors thrive by investing in researching and discovering new attack vectors. A vendor offering the most disruptive power for the lowest price will stand to do more business than his or her competition.
What are the Tools of the Trade?
The Anonymous 2016 toolkit has been passed around a number of operations. It provides attack tools with a simple, easy-to-use graphical user interface (GUI). Using these tools requires little knowledge as they are often accompanied by instruction videos posted to YouTube.
Most tools offer basic TCP, UDP and HTTP attack vectors with slight variations. Some enable the attacker to customize payload options—including packet size, randomized data, threads and sockets per thread—in the tools. While low and slow attacks are not prevalent in the popular 2016 toolkits, HTTP attacks are a popular vector. When an operation is underway, hackers can easily bypass mitigation solutions and overwhelm server resources with simple POST/GET floods that appear to be legitimate traffic.