DDoS-as-a-Service: Investigating Booter Websites

José Jair Cardoso de Santanna

Research output: Thesis; PhD Thesis - Research UT, graduation UT; Academic

Abstract

Why should you care about Distributed Denial of Service (DDoS) attacks? If your home Internet connection were the target of a DDoS attack, you would lose not only your connectivity but also your telephone and TV programs. This is because many homes have a triple-play service (a package offered by Internet providers that includes TV programs and telephone service together with Internet connectivity). From a company perspective, in 2015 small and medium companies reported spending more than US$50,000 recovering from a DDoS attack, while large corporations reported an average of US$410,000. This figure increased drastically in 2017: large corporations reported US$2.5M in revenue loss as a consequence of a DDoS attack. Given this rapid increase, we can expect these costs to continue to rise, just as our society's dependence on networked services does.

Until 2013, DDoS attacks were something that only a (relatively) skilled hacker with specialist knowledge could perform. In 2013, the hacker community began offering DDoS attacks via websites that are easy to find with popular search engines (Google and Bing). These websites, called "booters" and "stressers", offer, at very affordable prices (starting from less than US$5), to perform as many DDoS attacks as requested over a one-month period. Between 2014 and 2017, network security companies considered booters to be mainly responsible for the increase in DDoS attack power and frequency, making the investigation in this thesis even more critical and timely.

The main contributions of this thesis are that we show: (1) how to find booters, (2) how to detect their clients accessing and using them, (3) the characteristics of their attacks, (4) which third-party companies they use to maintain their operations, (5) which booters are the most dangerous and (6) which ethical arguments can be used to support mitigation actions against them. Finally, while the core of this thesis is based on scientific publications, a number of the solutions it proposes are actively deployed by network operators worldwide. In addition, the methodologies in this thesis are used by the Dutch High Tech Crime Unit to collect evidence for prosecution cases.
Original language: English
Awarding Institution
  • University of Twente
Supervisors/Advisors
  • Pras, Aiko, Supervisor
  • Granville, Lisandro Zambenedetti, Supervisor
  • de Oliveira Schmidt, Ricardo, Supervisor
Award date: 17 Nov 2017
Place of Publication: Enschede
Publisher: University of Twente
Electronic ISBNs: 978-90-365-4429-0
DOIs: https://doi.org/10.3990/1.9789036544290
Publication status: Published - 17 Nov 2017

Keywords

  • DDoS attacks
  • Booter
  • stresser
  • ddos-as-a-service

Cite this

Cardoso de Santanna, J. J. (2017). DDoS-as-a-Service: Investigating Booter Websites. Enschede: University of Twente. https://doi.org/10.3990/1.9789036544290
Cardoso de Santanna, José Jair. / DDoS-as-a-Service : Investigating Booter Websites. Enschede : University of Twente, 2017. 183 p.
@phdthesis{2d2e34c7c0514c258ccf688d979fb74a,
title = "DDoS-as-a-Service: Investigating Booter Websites",
keywords = "DDoS attacks, Booter, stresser, ddos-as-a-service",
author = "{Cardoso de Santanna}, {Jos{\'e} Jair}",
note = "CTIT Ph.D. thesis Series No. 17-448, ISSN 1381-3617",
year = "2017",
month = "11",
day = "17",
doi = "10.3990/1.9789036544290",
language = "English",
publisher = "University of Twente",
address = "Netherlands",
school = "University of Twente",

}
