A Turkish hacking community has shed light on the Surface Defense DDoS hacking platform, which is used to “gamify” large-scale attack campaigns.
The Surface Defense DDoS Platform Is Revealed
The latest hacking tool has been revealed by a Turkish hacking community. It is a platform known as Surface Defense, which has been advertised in various underground criminal forums on the Dark Web. The recruiters promote the platform to hackers who may be sympathetic to Turkish nationalist beliefs. Accordingly, the targets of their attacks may include the Kurdistan Workers Party, the German Christian Democratic Party and others.
The security researchers from Forcepoint Security who discovered the platform state that this is probably the first time hacking has been gamified. The Surface Defense platform awards points for conducting various DDoS attacks and thereby creates a “hacking competition” for the criminals.
The hacking site awards points based on the successful hits that the individual has made. The participants use a DDoS attack tool called Sledgehammer, which is preconfigured to perform HTTP DDoS attacks against predefined target sites. The attackers receive a point for every 10 minutes of activity. The utility uses the computer’s resources to conduct the attack and routes its traffic over the Tor network. Once a participant has reached a certain number of points, they are awarded a feature-rich and complete version of the Sledgehammer tool that they can customize and redistribute themselves. However, the utility also contains a backdoor which allows the developers to access the computers that are running it.
The backdoor’s purpose is to download and execute a .NET assembly from a bitmap image. A secondary component is also installed on the host to make the installation persistent: even if the user removes the Sledgehammer program from their computer, this guard module will re-download and reinstall it. The bitmap image containing the malicious payloads uses steganography, the practice of hiding data inside ordinary-looking files. Other rewards include a click fraud bot which includes code snippets that generate revenue using Adfly redirection sites. They are specifically crafted to generate revenue on various pay-to-click sites.
At the moment, there have been no reports of attacks caused by the Surface Defense platform. The security experts state that it is possible that the community has not yet reached the necessary critical mass.