Gwapo's avatar photo from Hack Forums
Filipino hacker Gwapo reports a booming business selling his services flooding specific websites with Distributed Denial of Service (DDoS) attacks. Gwapo’s business launched in January on Hack Forums, and so far, the 24 year old claims he services “several huge companies daily” who pay him to attack competitors. The capitalistic hacker even offers a five-minute demonstration to “serious customers”, with his regular rates starting at two dollars per hour (depending on both the size of the targeted server and the level of security around it). Payments are accepted via BitCoin, PayPal, or major credit cards.
Taking things further than usual for such underground hacking services, he’s even recruited girls to advertise for him on YouTube.
[yframe url=’http://www.youtube.com/watch?v=ySdaJbgO5gc&feature=channel&list=UL’]
[yframe url=’http://www.youtube.com/watch?feature=player_embedded&v=aCacibJa0Ps’]
How does Gwapo prevents his competition from launching their own DDoS attack on his own website? It appears to be protected by CloudFlare, the same anti-DDoS service who protected the LulzSec hackers’ website from attacks.
In another YouTube video Gwapo made last month, he claims his DDoS attacks aren’t generated by malware infections on individual PC workstations. Rather, he uses stable UDP and Syn floods from a private HTTP botnet. As web servers generally have as much as 1,000 times the resources of an individual PC, they make far more powerful DDoS tools when compromised. Prolexic, an anti-DDoS company, recently released a warning of new DDoS booter scripts in the wild. These stand-alone executable files launch GET and POST floods from compromised HTTP servers on demand, making it easier and less expensive for a hacker to launch a DDoS attack on demand.
If nothing else, all of this illustrates how much money is behind many of the spyware, malware, and server hacks we see on a regular basis. An entire ecosystem has developed where hackers compromise machines for profit, and other companies appear with countermeasures, again for profit. Perhaps its time people rethink the idea of hackers as bored kids, simply causing trouble for the fun of it.
“How does Gwapo prevents his competition from launching their own DDoS
attack on his own website? It appears to be protected by CloudFlare, the
same anti-DDoS service who protected the LulzSec hackers’ website from
attacks.”
So this is basically the same as a security guard helping thieves so you’ll need to hire a security guard?
No, Charles—it’s more like a thief paid by a security firm to go rob a second company—so that the second company will pay them to protect them from thieves.
Or in other words—it’s very like a Mafia “protection” racket. You don’t buy the protection, they arrange for you to get “hit.”