Hackers are leaving no stone unturned in causing trouble through social engineering. This time, they have devised a new technique for attacking websites.
Reportedly, a group of Turkish hackers has created a DDoS platform that lures unsuspecting individuals into joining and conducting DDoS attacks. The winning players receive points, which they can redeem for an unlocked version of the notorious Sledgehammer hacking tool.
This DDoS platform is dubbed Surface Defense. Its creators ask players (who are mostly other hackers) to attack any of the political websites on their list using Balyoz, or Sledgehammer, which is a DDoS tool. To participate, players need to download the Surface Defense collaboration software and register, after which they can run the program locally on a PC. The traffic used to disrupt online services is routed via Tor.
For every ten minutes spent bombarding a target website with fake traffic, the attacker receives one point. Points can then be traded for the standalone version of Sledgehammer, which players can fully customize and sell to other hackers too.
To maintain healthy competition among the participants, a live scoreboard is shown on the forum so that everyone can see the points earned. Some users have already earned hundreds of points.
This new scheme for launching DDoS attacks at selected websites was identified by Forcepoint Security Labs. It was discovered on the Turkish Dark Web hacking forums Turkhackteam and Root Developer, and approximately 24 websites are currently on the hit list. The target websites include an Armenian National Institute’s website, Kurdish Media, a few Israeli domains and a German Christian Democratic Party website.
It is worth noting that participation is not a simple free-for-all. Certain conditions must be met: participants have to communicate with the command-and-control center of Surface Defense to authenticate themselves, otherwise the software will not run on their PC. This prevents players from running the platform on several systems simultaneously in order to earn more points.
Surface Defense also has a hidden backdoor that lets the operator of the software “hack the hackers” too. According to Forcepoint researchers, this backdoor is actually a Trojan, the sole purpose of which is “to download, extract and execute another .NET assembly from within a bitmap image.”
Researchers further noted that this backdoor “also downloads a secondary ‘guard’ component which it installs as a service. This ‘guard’ component ensures that if the backdoor is deleted then it will be re-downloaded and also installed as a service.”
“Sledgehammer DDoS tool and ‘click-fraud’ bots used to generate revenue on pay-to-click (PTC) sites” (Forcepoint).
According to the researchers’ analysis, the operator acts under the handle “Mehmet” and runs two YouTube channels that are used to market the Sledgehammer DDoS tool. Carl Leonard, chief security analyst at Forcepoint, stated that:
“Surface Defense creates a very unique hacker community we have never seen before. This system has been very cleverly designed to appeal to participants with multiple motivations. But ultimately the participants can be backdoored themselves and become a victim to attack.”
Forcepoint has noted that this is the very first time a hacker has tried to use a hacking platform not only to attack websites of potential importance but also to pit every hacker against the others.
Sledgehammer is a tool that is preconfigured for performing HTTP-based Slowloris-type DDoS attacks. The software uses the computer’s resources to carry out the attack and routes the DDoS traffic through Tor.
It is not yet clear whether the hacking group has managed to knock down any of its target websites. Remember, Turkhackteam has been known for targeting Kurdish, UN, NATO, WHO and Red Cross websites. Let’s see what comes next from them.