Browse archive

Latest news

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Facebook, Microsoft and Apple disclose little on U.S. government data requests

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Cisco teams with IBM, Lancope, LogRhythm, Splunk and Symantec

Secure automated archiving from Imation

Red Hat unveils OpenStack certification and solution marketplace

Asia-wide targeted campaign drops backdoor, RAT

ISC-CERT warns about medical devices with hard-coded passwords

Hacking charge stations for electric cars

TDoS-as-a-service ads pop up on publicly accessible forums

Posted on 13 February 2013.

In the past, aspiring cybercriminals with no coding knowledge had to find a way into invite-only underground forums or had to spend hours in chat rooms to gain the trust of potential "colleagues" in order to acquire the tools they needed to have to start their life of cybercrime.

But, times have changed, says Webroot's Dancho Danchev, and providers of malicious tools and services have obviously been forced to start offering their wares on publicly accessible forums in order to attract new customers.

The offers are various, and among them can also be found providers of so-called Telecommunications Denial of Service (TDoS) attacks.

These type of attacks are often mounted when cyber crooks syphon money out bank accounts via fraudulent transactions. If noticed by the bank or the client, they can be easily blocked or reversed before the money mules manage to extract the stolen money.

To prevent the customer contacting the bank by phone and vice versa, the criminals either mount the TDoS attacks themselves or retain the services of those who specialize in it.

But, there are also other potential buyers of such services - ones that these out-in-the-open ads target specifically, I suspect - otherwise legitimate companies that want to disrupt their rivals' ability to do business by blocking their land and mobile lines.

And if the prices cited by the service discovered by Danchev are anything to go by, TDoSsing someone does not require that much money:

From 1 hour to 1 day – 3 USD per hour 1 number
From 1 day to 1 week – 40 USD per night 1 number
From 1 week to 2 weeks – 30 USD per night 1 number
From 2 weeks to 1 month – 25 USD per night 1 number
1 month – the price is negotiated individually

The service's customers are offered a "test flood" for free to see how efficient it is, and can even pay in installments. The calls are made from a variety of numbers that don't start with the same digits, so that the target can't simply blacklist a specific range of numbers. Those that get blacklisted get replaced by new ones ("Phone of the victim will still be busy," they claim).