A Turkish cyberattack organisation is luring people to join a DDoS platform to compete, through games, for points that can be redeemed for hacking tools.
The platform, dubbed Surface Defense, asks hackers to attack domestic websites using a distributed denial-of-service (DDoS) tool called Balyoz, translated as Sledgehammer.
In order to participate, users recruited from hacking forums must download the Surface Defense collaboration software and register. The platform software then runs locally on a PC and triggers the download of the DDoS attack tool to attack a specific list of target websites.
Traffic is then routed through Tor to disrupt online services.
For every 10 minutes spent hammering these websites with fake traffic, participants receive one point that can be traded for rewards, including a standalone version of Sledgehammer for conducting their own DDoS attacks and “click-fraud” bots used to generate income through pay-to-click schemes.
In order to encourage healthy competition, the platform also runs a live scoreboard. Some users have already racked up hundreds of points.
According to Forcepoint Security Labs (.PDF), which discovered the scheme in the Turkish Dark Web hacking forums Turkhackteam and Root Developer, a total of 24 websites are on the current list of targets.
Kurdish media, a website owned by the Armenian National Institute, a German Christian Democratic Party website, and Israeli domains are all included.
However, it is not a free-for-all for Surface Defense participants.
Each user has to communicate with the Surface Defense command-and-control (C&C) center to authenticate themselves, and the software will not run in virtual machines, preventing hackers from using the platform on multiple systems at the same time to rack up additional points.
The platform software also includes a hidden backdoor that allows the Surface Defense operator to “hack the hackers” in turn, which raises questions concerning the operator’s true motives.
“The backdoor is a very small Trojan and its sole purpose is to download, extract and execute another .NET assembly from within a bitmap image,” the researchers say. “It also downloads a secondary ‘guard’ component that it installs as a service. This ‘guard’ component ensures that if the backdoor is deleted then it will be re-downloaded and also installed as a service.”
The researchers believe that the operator may act under the handle “Mehmet” and runs two YouTube channels that advertise the Sledgehammer DDoS tool.
Carl Leonard, principal security researcher at Forcepoint, told Threat Post:
“Surface Defense creates a very unique hacker community we have never seen before. This system has been very cleverly designed to appeal to participants with different motivations.
But ultimately the participants can be backdoored themselves and become a victim of attack.”