Analysts from Arbor Networks have been able to get an estimate on the earning of DDoSer per day from a single botnet by leveraging their access to Russian underground hacking forums and their powerful DDoS botnet surveillance platform.

In their experiment, Arbor analysts selected a random threat actor who went under the name of Forceful. While tracking his ads, Arbor experts were able to connect his DDoS-for-hire services with the activity of a previously known botnet, activating from the kypitest[.]ru C&C (command-and-control) server.

A custom piece of malware was created by the Forceful which was then used by him to infect victims and add them to his botnet, which he was controlling through the G-Bot DDoS botnet Web panel, operating from the above domain. Thereafter, Security researchers tracked Forceful’s botnet across time.

DDOS Attack on Red Button on Black Computer Keyboard.

Being a multi-national corporation, Arbor enjoys a rich set of tools to debug malicious activity that happens on the internet. Tools like BladeRunner platform, a monitoring system that watches and logs DDoS attacks, recording their origin and duration.

Using data collected by BladeRunner platform, the research team at Arbor was able to identify many of the attacks sent out from Forceful’s kypitest[.]ru platform, which first became active on July 9, 2015.

With all this information, Arbor analysts took the Forceful’s price list and compared it with the number and length of attacks that originated from his infrastructure, hence reaching a basic estimate for the hacker’s daily revenue.

Forceful advertised his service on hacking forums for $60 for day-long attacks, $400 for week-long attacks and even offered 10% discount on orders above $500, and a 15% price cut on orders above $1,000.

From a previous report issued in January, Arbor estimated $500 per minute cost for a company to fend off attacks.

This is the very reason that DDoS attacks are very effective in blackmailing campaigns as anyone can spend just a few hundred bucks to hire a DDoS botnet and extract thousands from companies unable to fend off attacks.

  • Chuck Baggett

    “anyone can spend just a few hundred bugs” should be a few hundred bucks, not bugs.