How to sabotage DDoS-for-hire services?

We all know the damage that DDoS-for-hire services can inflict on websites and organizations behind them.

What is less known is that a simple move such as getting PayPal to seize the accounts through which the people offering booter (or stresser) services get paid can make business much more difficult for them and, in some cases, put them out of business.

Another thing that could help decimate these services is CloudFlare ceasing to provide them with protection against DDoS attacks (these services are often targets of DDoS attacks by their competitors).

“All 15 booters in our study use CloudFlare’s DDoS protection services to cloak the ISP hosting their frontend servers and to protect them from abuse complaints and DDoS attacks,” a group of researchers that analyzed the booter market pointed out.

Among the other things they discovered:

  • A large number of DDoS attacks are being launched by relatively unsophisticated attackers who have purchased subscriptions to low-cost DDoS-for-hire services
  • Customers of booter services prefer paying via PayPal and are not that fond of Bitcoin
  • Some operators of booter services prefer renting high-bandwidth Virtual Private Servers for attacks rather than relying on botnets
  • According to geolocation information provided by PayPal, over 44% of the customer and merchant PayPal accounts associated with booters are likely owned by US-based individuals
  • Booter services offer different kinds of attacks, but amplified volume-based attacks are the preferred kind

“Our hope is that by continuing to explore new methods for understanding and undermining booters, we can identify increasingly effective methods of adding friction, cost and risk to these ventures that further erodes their attack potency, scale and profitability over time,” the researchers concluded.
