Do you think you can't get much for a fiver? Well, it could get you a beer, some overpriced coffee, and rented Distributed denial of service (DDoS) attacks. Yep, it takes only a $5 bill to launch a DDoS attack on a site.
Fight for a five: DDoS-for-hire services offered for $5
Fiverr is a site that helps buyers look for freelancers selling hundreds of different kinds of services. Connecting buyers with professionals you can find service providers who are graphic designers, developers, writers, and apparently hackers, from whom you can hire services for as little as $5. The site was recently found offering Distributed Denial of Service (DDoS) attack for-hire services for as low as US$5.
Incapsula security researchers found and reported those freelancers who were found selling these services under the whitewashed terms of "stresser" or "booter" services. These terms mean that the services are offered to test the resilience of your own server, but we all know the meaning of that. Turning criminal activities into a "commodity," freelancers are offering DDoS-for-hire services, renting out access to a network of infected devices, which then can be used by the "buyer" to launch DDoS attacks. All of this for just $5.
In their research, they found the same stresser services were sold for an average price of $38 an hour last year, which went as low as $19. However, recent reports showed that these services could be hired for as low as five dollars per hour. This price tag is what made them think of Fiverr. "Would DDoS dealers have the audacity to use this platform to push their wares," researchers found themselves asking. And a quick search on the online marketplace confirmed that "in fact, they would."
The service providers were then contacted as the researchers asked them if the target site had to be their own. Why would you want to stress test a website that's not your own, after all? This was the way to ensure that they really were stressers and not criminals. "Honestly, you [can] test any site. Except government state websites, hospitals," was the response they received from one of the freelancers. Fear of government aside, it goes to show how easy it is to hire DDoS services, and that too for just $5.
Fiverr later on removed these so-called stresser providers, which also confirms how easy it is to get rid of these organic viruses. "Next time you encounter an ad for an illegitimate DDoS-for-hire service, take a moment to report it. It’s time to expose this charade by applying some stress to the stressers," said Igal Zeifman and Dan Breslaw of Incapsula.