Girls hawk DDoS service on YouTube

A hacker is selling a reportedly booming distributed denial of service (DDoS) attack service and has taken to YouTube to pull new clients.

Credit: SC

The service was first launched in January on Hack Forums and has so far recruited several large enterprises who have paid to have rival organisations attacked, the operator Gwapo told SC Magazine.

Gwapo (Filipino for 'handsome') would not reveal the identities of his large clients, nor the industries or countries in which they operate.

He also would not reveal the identity of two American girls who appeared full-faced in YouTube videos spruiking the service to "hackers". One of the girls appeared to be around 14 years old. The other was an older woman wearing a low-cut top.



In an instant message conversation via Skype, Gwapo said he serviced a "few huge companies daily" who were paying to have DDoS attacks made against their rivals.

However he added that he did not ask clients why they wanted to DDoS targets. "As long as they pay me, I will get the job done as long as I can."

Potential targets include large organisations, small websites and gameservers. A five minute demonstration was offered to "serious clients".

The service cost from $2 an hour depending on the size of the targeted webserver and the security around it, and could be paid by PayPal, BitCoin or credit card.

Gwapo boasted his sucess in a video uploaded to YouTube last month. In it, he is seen counting piles of Amercian cash allegedly made from the service.

He said the DDoS attacks were stable UDP and Syn floods made by his private HTTP botnet that contained seven exploits which he said was "very effective on most webservers like Apache , ngix , litespeed , IIS7" among others.

In another YouTube video uploaded in March, he appeared to demonstrate a DDoS against an Eastern European anti-virus company ElementsScanner.

His own site, ddoes.com, was protected by CloudFlare, an anti-DDoS provider which formerly protected LulzSec's website from a barrage of cyber attacks.

In a thread on an underground hacker forum, his DDoS service received dozens of posts from happy clients.

"Gwapo is the king of DDoS. Powerful hits, legit provider, and always helpful!" read one response.

Zombie servers

Botnets weren't needed to conduct successful DDoS. Anti-DDoS company Prolexic released an advisory overnight stating that DDoS booter scripts had made the attacks easier and cheaper to conduct.

It said the standalone files execute GET and POST floods via HTTP from comrpomised web servers.

"With booter shells, DDoS attacks can be launched more readily and can cause more damage, with far fewer machines. Web servers typically have [more than] 1000 times the capacity of a workstation, providing hackers with a much higher yield of malicious traffic" than typical botnets.

Gwapo's DDoS service was one of many similar paid cybercrime offerings. In January, SC revealed a service offering cut-rate traffic that was stolen and redirected from other websites using malcious iFrames.

Many other DDoS services existed on various cybercrime-friendly forums.

Copyright © SC Magazine, Australia