Have botnet prices crashed?

Years ago, my friend John Gilmore told me he thought accounts of the spread of botnets (massive networks of virus-compromised machines that can be used in concert to send spam, attack servers, etc) were overblown, because if botnets were really all-pervasive, then the price of using them should have crashed. Now comes this spam, on one of my personal blogs, and I wonder, has the great botnet price-crash finally hit?

Tired of a competitor's site? Hinder the enemy? Fed pioneers or copywriters?
Kill their sites! How? We will help you in this!
Obstructions of any site, portal, shop!
Different types of attacks: Date-attack, Trash, Attack, Attack, etc. Intellectual
You can work on schedule, as well as the simultaneous attack of several sites.
On average the data, ordered the site falls within 5 minutes after the start. As a demonstration of our capabilities, allows screening.
Our prices
24 hours of attack - $ 70
12 hours of the attack - $ 50
1 hour attack - $ 25

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

More at Boing Boing

Ants and Stars: Bruce Sterling and Jasmina Tesanovic visit the Sardinia Radio Telescope in Italy

The Snowden Principle

Takuan

perspective:
http://www.irc-junkie.org/2006-02-11/ddos-cripples-hospital/
jackm

#5 – Two words: Western Union.

Speaking of money, where does the going rate for this stuff come from anyway? How do the prices for an illegal service like this get set?
Lobster

I’d never pay that kind of money to someone offering a highly cerebral task with such poor English.

“Me do taxes you for now yes?”
Gilgongo

Best consult the oracle on this then: Peter Gutmann

http://www.cs.auckland.ac.nz/~pgut001/

For anyone who’d interested in this stuff, Peter has written some jaw-dropping analyses of the industry of spam, malware and the use of botnets.
bolamig

Cheaper than buying vicodin from a spammer, and probably about as likely to actually get delivered.
mackenzi

Now, I wonder if these botnets are hooked into the cellphone network. Thousands of botnets in chorus on your cell connection to everyone – helping, connecting, transmissioning. This chorus also gives off what’s known as “side-stream radiation.” Anyone within 10 feet of a cell phone device is susceptible.
larsrc

Argument #1: If botnets were all-pervasive, the price should have crashed.

This argument assumes that the botnets are spread among many “owners”. It is just as likely that there’s one or a few owners that hold the majority of bots, just like a few sites (like Google) get way more hits than most others. Since the efficiency of a botnet use is directly proportional to its size, these owners would be able to command higher prices.

Argument #2: A spam email offers DDOS attacks for cheap.

Who knows how big that operation is, or if it even exists? It may be trying to undercut because it doesn’t have the size of the big guns.

Really, there is no data or solid argumentation is this article. Sloppy.
ScruffyNerfHerder

Speaking from second and third hand experience, the botnet is easy but sales are tough to come by and prices are largely determined by willingness to pay. Its the same for “internet surveillance” where you tabulate information on who visits what website by serving ads to them.

Lots of money to be made from some suits, if you’ve got the hustle.
angusm

I’d be interested to see the full message including the URL of the site referenced.

For some reason, joe-jobs are practically a national sport in Russia. I see a lot of spam claiming to offer “bullet-proof” hosting, spam and DDoS services, child porn, stolen credit card lists and other unacceptable content or services, with the message worded in such a way that it’s practically begging for someone to take action. The spams always include the URLs of the site that supposedly offers these services. If you actually follow the URLs, you’ll usually find that the site is either:

a. An anti-spam service or an ISP with strong anti-spam policies, or
b. An ‘underground’ site, such as a carder or hacker forum.

Just from the way this message is written, I could easily believe that it’s either a spanked spammer trying to get revenge, or a ‘black’ site trying to get one of their rivals into trouble.
wynneth

The amusing part here is that they want you to trust someone is illegally accessing pcs and attacking sites WITH YOUR FINANCIAL INFORMATION. What’s to stop them just taking your money? Nothing.
Charlie Stross

Wynneth: carrying out — or commissioning — a DDoS is seriously illegal in many jurisdictions. So anyone buying this service is also a criminal. Do you really expect them to pay for a DDoS attack using a credit card they came by legally?
Takuan

what should be the penalty for commissioning/committing a DDos?

I lean towards a life prison sentence, as should malicious virus writers also get.
larsrc

Takuan: Would you also give a life prison sentence to someone who broke into a company’s server room and yanked the power cord from their server? Same thing. Please grow a perspective. It’s not like we’re talking murder here.
Rider

@larsrc’

While I agree with the sentiment of what you are saying, there is a huge difference between one person pulling a plug at one company, opposed to one person infecting tens of thousands of computers to pull of basically the same stunt.

Also getting servers back online is an esay task compared to trying to block a massive DDoS.
Anonymous

so when i’ve seen the official website of the North Korea i thought someone should do an attack on that…
http://www.korea-dpr.com/

but that was probably a really stupid idea, as some poor soul(s) would probably be tortured and/or shot for this.
Charlie Stross

SPAM ALERT:

(Horny Babe is hitting other threads with similar linkspam. Ironic here, annoying there.)
klobouk

Oh man, mods, can you please just cut the links and leave the spam comments intact? The two thus far are actually pretty amusing.
- Antinous / Moderator
  
  can you please just cut the links and leave the spam comments intact?
  
  If I don’t tag them as spam, they won’t go to the star chamber for interrogation and punishment.
Orky

Takuan: you might really hate malware writers, but what about malware-writer-enablers?
Anonymous

Dang it!

I paid them $70 with PayPal to attack BoingBoing to see if it is legit, but nothing happened!

I am going to complain to the Consumerist now that I didn’t get the DDoS that I paid for!

(Yes, this is a joke.)
dragonfrog

Wynneth: carrying out — or commissioning — a DDoS is seriously illegal in many jurisdictions. So anyone buying this service is also a criminal. Do you really expect them to pay for a DDoS attack using a credit card they came by legally?

Many if not most of the people carrying out and commissioning DDoS attacks are also idiots of the first order – so I really wouldn’t be surprised if a fair number did use their own credit cards.

Of course, you can also send money with your credit card via an intermediary like PayPal – doesn’t help much with traceability, but it doesn’t give the bot-herder your CC information. Or you could just put some banknotes in an envelope and post it to Ghana or wherever the herders operate out of.
dragonfrog

Takuan – how about a real-life DDoS against the perpetrator for the rest of their life? They get a forehead tattoo, which means that from now on everyone else must be served before them, and they must perpetually go to the back of any line.

Want a cup of coffee downtown at 10 AM ? Sorry, you’ll have to hang around till the lines die down around 6 this evening…
Takuan

cutting the heads off malware authors and DDos inflicters won’t prevent either. It will , however, raise the stakes so that those that do will have a damned good reason for doing it.

It’s like human life; assassins SHOULD be expensive.
Or the price of policemen, it should be high.
Takuan

I like that one, Dragon frog! Simple, basic justice and quick too.