The closure of a major online marketplace for paid distributed denial-of-service attacks appears to have done little to slow down the illegal activity.
In late October, HackForums.net shut down its “Server Stress Testing” section, amid concerns that hackers were peddling DDoS-for-hire services through the site for as little as US$10 a month.
According to security experts, the section was the largest open marketplace for paid DDoS attacks — a notorious hacking technique that can disrupt access to internet services or websites. But since the section’s closure, the attacks remain rampant.
In November, for instance, the number of DDoS attacks saw a slight dip from the month before, said Internet backbone provider Level 3 Communications. But starting in December, the number of DDoS attacks it observed almost doubled.
Richard Clayton, director of the Cambridge Cybercrime Centre in the U.K., said his sensor network hasn’t detected any drop in DDoS attacks.
“There’s no real difference in volume from a few months back,” he said in an email.
The hackers behind these DDoS-for-hire services are probably still attracting clients through Google, either with online advertisements or search engine optimization, said Allison Nixon, a director at security firm Flashpoint.
In addition, plenty more paid DDoS attack tools are available for sale on underground forums. “There’s always been more than one outlet for them,” Nixon said. “So I don’t think there’s going to be any immediate change.”

Hack Forums has removed its Server Stress Testing section.
Although DDoS attacks are illegal, many hackers peddle their services by describing them as “booters” or “stressors,” claiming they’re designed to test a website’s resiliency. These services often appear professionally made and include customer support, but they can also flood a target with an overwhelming amount of traffic, forcing it offline.
For hackers, threatening to take down a victim’s website can be lucrative. “We’ve seen these services used for criminal extortion operations,” said Nixon, who’s been researching the illegal trade since 2012.
Building a DDoS-for-hire service can also be easy. Oftentimes, the hackers will simply rent six to 12 servers and use them to push out internet traffic to whatever target, she said.
“It really doesn’t take a lot of know-how,” Nixon said. “One thing we’ve noticed is that a lot of underage people will get themselves involved.”
In December, for example, law enforcement agencies in the U.S. and Europe arrested 34 suspects involved in DDoS-for-hire services, some of whom were 20 years old or younger.
In September, Israeli authorities also arrested two alleged operators of vDOS, a so-called booter service that managed to rake in more than $618,000 and attract tens of thousands of customers. Both suspects were reportedly 18 years old.
Nixon said she’s hopeful more law enforcement agencies will crack down on this illegal business. The problem has become especially serious following the emergence of Mirai, malware designed to launch massive DDoS attacks.
Several internet disruptions, including a large-scale attack in the U.S. back in October, have been blamed on the malware. Making matters worse, the Mirai source code is openly available on the internet.
“We may not see a decrease in DDoS attacks, but a lot more law enforcement seems to be paying attention to this,” Nixon said.