DDoSers sell attacks for $5 on Fivver

Many years ago, EFF co-founder John Gilmore and I were discussing the prevalence of botnets, which are commonly used to launch distributed denial of service (DDoS) attacks that overwhelm websites with floods of traffic; John said that if the botnets were really on the rise at the reported rate, we should expect to see a massive crash in the price of DDoS services, following simple supply/demand logic.

I thought the point was so good that I made cheap access to DDoS a plot point in my 2008 novel Little Brother.

Now, researchers from Incapsula have delved into the world of cut-rate DDoS providers, who market their services for $5 a pop on the website Fiverr. The DDoSers figleaf their offerings by calling them "stress testers" that website owners can use to determine whether their sites are configured to handle lots of traffic, but as the Incapsula team found, most will cheerfully attack sites other than your own (though one vendor said he wouldn't attack "government state websites, hospitals").

This just goes to show that even DDoSers have some moral compass, as well as a healthy fear of the government.

With the true capabilities of at least one of the "stress testers" confirmed, we reached out to Fiverr to let them know about the misuse of their service. They were very quick to respond with a promise to have their Trust & Safety team investigate further.

Two days later we saw the results of their efforts. Three of the stresser providers were removed, including our pal Scullzy.

Unmasking DDoS for Hire on Fiverr

[Igal Zeifman and Dan Breslaw/Imperva Incapsula]