Exploring the Provision of Online Booter Services

Hutchings, Alice; Clayton, Richard

doi:10.1080/01639625.2016.1169829

Cited by 85 publications

(77 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Regression coefficients for the linear model displayed in Figure 6 are significant at the 5% level for MALWARE (β = 0.43, p = 0.05) and EKIT (β = −0.28, p = 0.02) but not significant for STANDALONE packages (β = 0.23, p = 0.14). We find that 'consumer' services such as EKIT products are becoming more easily available to the users, a figure compatible with the increasing trend of 'commodified' attacks delivered in the wild [7,35,42,56], whereas the remaining more 'specialized' sector of the market seems to be inflating. We do not find any significant association between number of exploits in the package and package price.…”

Section: Exploit Packagesmentioning

confidence: 55%

Economic Factors of Vulnerability Trade and Exploitation

Allodi

2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement.Comment: 17 pages, 11 figures, 14 table

show abstract

Section: Exploit Packagesmentioning

confidence: 55%

Economic Factors of Vulnerability Trade and Exploitation

Allodi

2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…While not all the contents and goods posted on these forums are illegal, their origin or use may be. Interacting within these communities can be a stepping stone towards more serious online criminal activities [18,20,21]. For example, following the leak of the Mirai source code, DDoS attacks have used this botnet and its variants [2].…”

Section: Scraping Underground Forumsmentioning

confidence: 99%

CrimeBB

Pastrana

Thomas

Hutchings

et al. 2018

Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW '18

Self Cite

View full text Add to dashboard Cite

Underground forums allow criminals to interact, exchange knowledge, and trade in products and services. They also provide a pathway into cybercrime, tempting the curious to join those already motivated to obtain easy money. Analysing these forums enables us to better understand the behaviours of offenders and pathways into crime. Prior research has been valuable, but limited by a reliance on datasets that are incomplete or outdated. More complete data, going back many years, allows for comprehensive research into the evolution of forums and their users. We describe CrimeBot, a crawler designed around the particular challenges of capturing data from underground forums. CrimeBot is used to update and maintain CrimeBB, a dataset of more than 48m posts made from 1m accounts in 4 different operational forums over a decade. This dataset presents a new opportunity for large-scale and longitudinal analysis using up-to-date information. We illustrate the potential by presenting a case study using CrimeBB, which analyses which activities lead new actors into engagement with cybercrime. CrimeBB is available to other academic researchers under a legal agreement, designed to prevent misuse and provide safeguards for ethical research. CCS CONCEPTS• Information systems → Web crawling; • Security and privacy → Social aspects of security and privacy;

show abstract

“…DoS attacks generate large amounts of traffic which overwhelm end-users or web services, taking them offline or making legitimate access impossible [26]. Booter operators advertise customer-facing websites, where individuals can set up accounts and order attacks [54], with payments accepted using digital services such as PayPal or through transfers of cryptocurrency [22,28]. A range of different packages and membership options are available, with $10 to $20 being typical for a month's worth of DoS attacks of sufficient size to disrupt an end-user connection or a website which does not have specialist DoS protection.…”

Section: Introductionmentioning

confidence: 99%

Booting the Booters

Collier

Thomas

Clayton

et al. 2019

Proceedings of the Internet Measurement Conference

Self Cite

View full text Add to dashboard Cite

Illegal booter services offer denial of service (DoS) attacks for a fee of a few tens of dollars a month. Internationally, police have implemented a range of different types of intervention aimed at those using and offering booter services, including arrests and website takedown. In order to measure the impact of these interventions we look at the usage reports that booters themselves provide and at measurements of reflected UDP DoS attacks, leveraging a five year measurement dataset that has been statistically demonstrated to have very high coverage. We analysed time series data (using a negative binomial regression model) to show that several interventions have had a statistically significant impact on the number of attacks. We show that, while there is no consistent effect of highly-publicised court cases, takedowns of individual booters precede significant, but short-lived, reductions in recorded attack numbers. However, more wide-ranging disruptions have much longer effects. The closure of HackForums' booter market reduced attacks for 13 weeks globally (and for longer in particular countries) and the FBI's coordinated operation in December 2018, which involved both takedowns and arrests, reduced attacks by a third for at least 10 weeks and resulted in lasting change to the structure of the booter market. CCS CONCEPTS• Networks → Denial-of-service attacks; • Social and professional topics → Computer crime; • Security and privacy → Social aspects of security and privacy; • Mathematics of computing → Time series analysis.

show abstract

Exploring the Provision of Online Booter Services

Cited by 85 publications

References 15 publications

Economic Factors of Vulnerability Trade and Exploitation

Economic Factors of Vulnerability Trade and Exploitation

CrimeBB

Booting the Booters

Contact Info

Product

Resources

About