Turkish hacking group offers cyber criminals rewards for successful DDoS attacks

Points are logged on a scoreboard that can be cashed in for free access to other hacking tools

Hacker

A gang of Turkish hackers has turned web attacks into a game by offering hackers rewards for taking down chosen pages.

The group is giving loyalty points to hackers for every attack they mount against websites that are run by organisations that oppose Turkey's government; the points can later be swapped for free access to some hacking tools.

Security firm Forcepoint is responsible for discovering the site, called "Surface Defence", and said that the service is offered on the Tor dark web network, using a software tool named Sledgehammer.

Forcepoint said in a report that the tool seeks to knock websites offline via a Distributed Denial of Service (DDoS) attack. Once an attack is successfully completed, a reward of one point is given for every 10 minutes of an attack directed at one of the targets.

Other security experts have been keen to comment on the discovery, such as Tripwire's senior security research engineer, Travis Smith.

"Even though the gamification of the DDoS tool allows individuals from around the world to participation in the attack, the targets are controlled by a centralized command and control server," he said.

Marc Gaffan, general manager for the Incapsula service at Imperva, described the discovery as not only a game changer but a natural evolution of hackers learning and improving on how to monetise their assets and use them for ad hoc purposes, in this case DDoSing a select group of targets.

"The novel part of this is the platform that has been developed to solicit and monitor those that participate in the DDoS activities to ensure they are doing what the masterminds want them to do and in the way they want them to execute the attacks (down to the precise technology they want them to use)," he said.

"The platform itself, if redistributed, could become the new standard for crowdsourcing DDoS attackers."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020