DDoS Attackers on Hire for $5


Security researchers have uncovered a DDoS service which attackers are selling for as little as $5 for an entire hour of DDoS attacks upon a target.

Security researchers from a firm called Imperva have discovered a distributed denial of service (DDoS) attack being sold as a service for as little as $5 an hour on the marketplace Fiverr.

DDoS attacks are among the most disruptive cyberattacks around and could only be found on dark web domains for about $38 an hour, even as recently as a year ago.

As a facade, the providers of the DDoS attacks are offering them as a means for companies to test the strength of their own web servers.

In a blog, Imperva researchers wrote:

Today, DDoS-for-hire companies operate in broad daylight under the guise of “stresser” services. This whitewashed term implies that the service is meant to test the resilience of your own server.

In practice, few bother to ask for any proof of ownership, allowing you to “stress test” whomever you want—just as long as you continue forking over their subscription fees.

The objective, as described by the authors of the listing, is to help companies better prepare for an attack by the cybercriminals.

Related read: DDoS Extortionists Make $100,000 Without DDoS Attacks

Researchers at Imperva probed and queried each poster, asking the question:

Regarding the stress test, does the site have to be my own?

To this, most posters ignored the message. One poster bit and sought to communicate on Skype. It was here that he revealed the following:

Honestly, you [can] test any site. Except government state websites, hospitals.

While this proves that DDoSers have a moral compass, Imperva notified Fiverr of the “stress test” providers, to which the platform responded by removing at least three of the DDoS-for-hire posters. The poster who responded to Imperva researchers via Skype also saw his or her post taken offline.

Noting the actions of Fiverr, Imperva claims that the platform’s endeavor to curb such DDoS-of-hire attackers goes against their common acceptance by the online community.