Collective Intelligence Podcast, Allison Nixon on DDoS-for-Hire Services
The pre-Christmas takedown of 15 domains associated with DDoS-for-hire services announced by the U.S. Department of Justice could signal a turning point in the fight against those selling booters and stressers in illicit communities.
These actors, who not only operate on the dark web but also brazenly on the open web, have hid behind the claim that they’re not responsible for the actions of their customers; they just build the tools. These services can in theory be used with benevolent or malicious intent, and through terms of service agreements included with the tools, users agree they won’t use a booter or stresser to attack others.
Get a direct download of this podcast here.
In this episode of the Collective Intelligence Podcast, Flashpoint Director of Security Research Allison Nixon explains why the DoJ’s action against three individuals named in indictments puts a dent in this line of thinking by booter and stresser service providers. For the first time, federal law enforcement purchased these services and tested them against a consenting victim in order to validate their capabilities and understand how these attacks are carried out. The indictments indicate that the FBI learned that the DDoS services were not vetting targets or verifying their ownership, and the attack sites operate in a way that degrades the performance and availability of DNS reflectors that booters use to launch attacks.
“This blows a hole in the remaining argument that booter owners have that their services are legal,” Nixon told Editorial Director Mike Mimoso. “A lot of them are under the impression that what they’re doing is legal. It’s not. It never has been. It just takes a lot of effort to take them down.”
Flashpoint was among a large number of private-sector companies and public-sector agencies involved in the investigation and takedown of these domains. While the precedent here is important, it was also a significant action against these sites, which the DoJ said represent some of the world’s leading DDoS-for-hire services. Some of these services had tens of thousands of subscribers and were responsible for hundreds of thousands of attempted DDoS attacks against banks, universities, gaming sites, and other domains where availability is a must for their business. The services were relatively cheap and fairly easy to use, making them an attractive tool for criminals.
Allison and Mike also discuss the importance of the collaboration behind these types of efforts and what happens behind the scenes between researchers who are sometimes working for competing organizations.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.
Director of Security Research
Allison Nixon is the Director of Security Research at Flashpoint. She has been a background source for numerous investigations and articles that focus on the post-breach issue of “who dunnit?”. Allison performs original threat research and specializes in DDoS attribution, cybercrime attribution, criminal communities, and answering questions that people have not yet thought to ask. In 2013, she spoke at Black Hat about bypassing DDoS protection. In 2014, she released a paper detailing methods for vetting leaked data. In October 2016, her findings placed her at the forefront of the Mirai botnet DDoS attacks against Dyn DNS. In her spare time she grows tomatoes and makes puns.
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was as an Editor of Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.