Turkish hacking group offers cyber criminals rewards for successful DDoS attacks

Points are logged on a scoreboard that can be cashed in for free access to other hacking tools


A gang of Turkish hackers has turned web attacks into a game by offering hackers rewards for taking down chosen pages.

The group is giving loyalty points to hackers for every attack they mount against websites that are run by organisations that oppose Turkey's government; the points can later be swapped for free access to some hacking tools.

Advertisement - Article continues below

Security firm Forcepoint is responsible for discovering the site, called "Surface Defence", and said that the service is offered on the Tor dark web network, using a software tool named Sledgehammer.

Forcepoint said in a report that the tool seeks to knock websites offline via a Distributed Denial of Service (DDoS) attack. Once an attack is successfully completed, a reward of one point is given for every 10 minutes of an attack directed at one of the targets.

Other security experts have been keen to comment on the discovery, such as Tripwire's senior security research engineer, Travis Smith.

"Even though the gamification of the DDoS tool allows individuals from around the world to participation in the attack, the targets are controlled by a centralized command and control server," he said.

Marc Gaffan, general manager for the Incapsula service at Imperva, described the discovery as not only a game changer but a natural evolution of hackers learning and improving on how to monetise their assets and use them for ad hoc purposes, in this case DDoSing a select group of targets.

Advertisement - Article continues below
Advertisement - Article continues below

"The novel part of this is the platform that has been developed to solicit and monitor those that participate in the DDoS activities to ensure they are doing what the masterminds want them to do and in the way they want them to execute the attacks (down to the precise technology they want them to use)," he said.

"The platform itself, if redistributed, could become the new standard for crowdsourcing DDoS attackers."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020