Call it Craigslist for cyber criminals: hackers are now openly advertising their illicit services on online forums, where anybody who has a vendetta and a few bucks can hire a hacker to take down the website of their choice.
For his Krebs on Security blog, noted researcher Brian Krebs patrolled several underground forums and found members offering to launch distributed denial-of-service (DDoS) attacks at an average price of $5 to $10 per hour.
For $40 to $50 per hour, the shady computer crooks will launch a day's worth of attacks; the average price for a week is $350 to $400 and $1,200 for a month of havoc.
Hopefully most people will never employ the services of one of these hackers-for-hire. DDoS attacks, however — in which a large network, or "botnet," of automated computers flood a particular website with so much Web traffic that it effectively shuts down — may be using your computer whether you know it or not.
"The unwitting conscripts in these cyber armies are hacked PCs that the service owners remotely control via malicious software," Krebs wrote. The more bots a criminal controls, the more damage they can do.
The operators of the Darkness DDoS bot, Krebs found, even provide a reference on their forum that explains what kind of attacks could result based on the number of bots purchased.
To "knock offline a relatively small site," all it takes is a network of 15 to 30 computers. About 250 to 280 bots could take down an average site; 750 to 800 could take down a large site; 2,000 to 2,500 could knock down a "great site with Anti-DDoS protection"; 4,300 to 4,700 could shut down a group of websites; and 15,000 to 20,000 bots could "take offline virtually any site with any protection."
To make sure your own PC doesn't become part of a cyber criminal's botnet, update your anti-virus software, stay away from sites that offer pirated software or media files and don't open any email attachments you're not expecting.