Booter blacklist: Unveiling DDoS-for-hire websites

Santanna, José Jair Cardoso de; Schmidt, Ricardo de O.; Tuncer, Daphné; Vries, J. de; Granville, Lisandro Zambenedetti; Pras, Aiko

doi:10.1109/cnsm.2016.7818410

Cited by 13 publications

(11 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DoS attacks generate large amounts of traffic which overwhelm end-users or web services, taking them offline or making legitimate access impossible [26]. Booter operators advertise customer-facing websites, where individuals can set up accounts and order attacks [54], with payments accepted using digital services such as PayPal or through transfers of cryptocurrency [22,28]. A range of different packages and membership options are available, with $10 to $20 being typical for a month's worth of DoS attacks of sufficient size to disrupt an end-user connection or a website which does not have specialist DoS protection.…”

Section: Introductionmentioning

confidence: 99%

Booting the Booters

Collier

Thomas

Clayton

et al. 2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

Illegal booter services offer denial of service (DoS) attacks for a fee of a few tens of dollars a month. Internationally, police have implemented a range of different types of intervention aimed at those using and offering booter services, including arrests and website takedown. In order to measure the impact of these interventions we look at the usage reports that booters themselves provide and at measurements of reflected UDP DoS attacks, leveraging a five year measurement dataset that has been statistically demonstrated to have very high coverage. We analysed time series data (using a negative binomial regression model) to show that several interventions have had a statistically significant impact on the number of attacks. We show that, while there is no consistent effect of highly-publicised court cases, takedowns of individual booters precede significant, but short-lived, reductions in recorded attack numbers. However, more wide-ranging disruptions have much longer effects. The closure of HackForums' booter market reduced attacks for 13 weeks globally (and for longer in particular countries) and the FBI's coordinated operation in December 2018, which involved both takedowns and arrests, reduced attacks by a third for at least 10 weeks and resulted in lasting change to the structure of the booter market. CCS CONCEPTS• Networks → Denial-of-service attacks; • Social and professional topics → Computer crime; • Security and privacy → Social aspects of security and privacy; • Mathematics of computing → Time series analysis.

show abstract

Section: Introductionmentioning

confidence: 99%

Booting the Booters

Collier

Thomas

Clayton

et al. 2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

show abstract

“…Selected booter services. We select 4 popular booters (see Table 1) from the booter blacklist [46] based on their Alexa website rank (booter names anonymized). Two of the selected booters (A & B) were later seized by the FBI-led takedown.…”

Section: Self-attack Approachmentioning

confidence: 99%

“…First, we take a control plane perspective on the available booter domains. We use weekly snapshots of all .com/.net/.org domains to identify booter websites by keyword matching following [46] (e.g., "booter", "stresser", "ddos-as-a-service"). This gives us an overview of booter domains before and after the takedown.…”

Section: Domain Perspective On Takedownmentioning

confidence: 99%

“…An extensive body of research on booters is available. These studies cover multiple lines of research including analyses of (1) the booters' leaked databases [10,21,23], (2) booter attacks [8,24,47,57], (3) victims of booters [38], (4) honeypots of servers commonly used for performing booter attacks [25,52], (5) the usage of these honeypots for attribution purposes [31], (6) TLS certificates used by booters [32], (7) booter blacklists and their origins [12,44,46,59], (8) the usage of these blacklists to understand the booter market [45], (9) ethical and legal aspects related to booters [16,18], and (10) the impact of law enforcement operations on booters from a commercial perspective [7,13]. Our contribution.…”

mentioning

confidence: 99%

See 1 more Smart Citation

DDoS Hide & Seek

Kopp¹,

Wichtlhuber²,

Poese³

et al. 2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

Booter services continue to provide popular DDoS-as-a-service platforms and enable anyone irrespective of their technical ability, to execute DDoS attacks with devastating impact. Since booters are a serious threat to Internet operations and can cause significant financial and reputational damage, they also draw the attention of law enforcement agencies and related counter activities. In this paper, we investigate booter-based DDoS attacks in the wild and the impact of an FBI takedown targeting 15 booter websites in December 2018 from the perspective of a major IXP and two ISPs. We study and compare attack properties of multiple booter services by launching Gbps-level attacks against our own infrastructure. To understand spatial and temporal trends of the DDoS traffic originating from booters we scrutinize 5 months, worth of inter-domain traffic. We observe that the takedown only leads to a temporary reduction in attack traffic. Additionally, one booter was found to quickly continue operation by using a new domain for its website.

show abstract

“…Critical services can be subject to natural disasters, third-party failures such as power outages, configuration, and other failures. The rise of cyberattacks adds a directed dimension to these challenges, and the range of recent attacks (including Stuxnet [5], the Mirai botnet [6], and WannaCry [7]) has led to a burgeoning cybersecurity industry that supports a huge scientific and engineering effort to prevent attacks, develop mechanisms for ameliorating their effects, and provide forensic support for later investigation [8]. The critical nature of many networked systems and their increasingly intimate effects on the livelihoods (and indeed lives) of an increasing number of people is leading users to mandate specific levels of resilience for certain applications [9], [10].…”

Section: Introductionmentioning

confidence: 99%

Self-Organization and Resilience for Networked Systems: Design Principles and Open Research Issues

et al. 2019

View full text Add to dashboard Cite

| Networked systems form the backbone of modern society, underpinning critical infrastructures such as electricity, water, transport and commerce, and other essential services (e.g., information, entertainment, and social networks).It is almost inconceivable to contemplate a future without even more dependence on them. Indeed, any unavailability of such critical systems is-even for short periods-a rather bleak prospect. However, due to their increasing size and complexity, they also require some means of autonomic formation and self-organization. This paper identifies the design principles and open research issues in the twin fields of self-organization and resilience for networked systems. In combination, they offer the prospect of combating threats and allowing essential services that run on networked systems to continue operating satisfactorily. This will be achieved, on the one hand, through the (self-)adaptation of networked systems and, on the other Manuscript hand, through structural and operational resilience techniques to ensure that they can detect, defend against, and ultimately withstand challenges.

show abstract

Booter blacklist: Unveiling DDoS-for-hire websites

Cited by 13 publications

References 24 publications

Booting the Booters

Booting the Booters

DDoS Hide & Seek

Self-Organization and Resilience for Networked Systems: Design Principles and Open Research Issues

Contact Info

Product

Resources

About