Are Stressers representative of a new Internet Mafia? This is the presentation I gave at UNODC Conference last 7th and 8th of June at Hallym University about Linking Organized Crime and Cybercrime.
Are Booter Services (Stresses) Indicative of a new form of organized group online: Internet Mafias?
1. Are Booter Services (Stressers)
indicative of a new form of
organised group online: Internet
Mafias?
Roberto Musotto and David S Wall
Centre for Criminal Justice Studies
School of Law
LOCC 2018
2. Outline
1. Introduction – New Internet Mafias?
2. What are Booter Services (Stressers) & why is it
important to understand them?
3. Are they justifiable or a hidden form of crime-
ware as a service?
4. Are they a new form of organised crime group
online?
5. A case study: StressClub
6. Analysing Stressclub
Transactions and Users
7. Conclusions: What Stressclub tells us about
organised crime groups online?
3. 1. Introduction – New Internet Mafias?
• There has been much speculation in the cybersecurity community about
the growth of internet mafias, but evidence and logic has been less
forthcoming.
• This paper seeks to address this knowledge imbalance by exploring the
development of organised crime groups online.
• We find that most online organised crime groups are ephemeral and not
sustainable, but recent changes in the cyberthreat landscape are creating
high yield cybercrimes and the logic for more sustainable (mafia) type
groups which protect criminals under their wing and invest crime proceeds
in the legitimate economy to increase their wealth, power and influence and
resilience.
• This paper explores some known models of organised cybercrime groups
online and specifically explores a case study, booter services, which can be
used to deliver DDoS attacks, to illustrate the differences and challenges. It
then identifies the main challenges (inc. legal) that organised crime groups
online pose and explores some socio-legal solutions.
• It draws upon TAKEDOWN (EU H2020 700688) and CRiTiCal (EPSRC
4. 2. What are Stressers – Why are
they Important?
•Stressers are fairly typical online
organised crime groups whose
actions have significant impact on the
cyberthreat landscape.
•As brokers they enable other Cyber
OCGs to mount DDoS.
•Online service (for a fee)
•Variable legal status –they are
brokers
•DDoS cause losses in terms of
emerging damage and profit loss
•Honey-pot traps and larger servers to
prevent attacks
•Exponential increase in size and
number of DDoS attacks
5. 3. Are they justifiable or a hidden
form of crime-ware as a service?
• Self-Justified (Tolerated) as penetration testing tool – but
only with site owner consent
• But are also Illegal, as they enable DDoS attacks for hire.
• DDoS punished under US Computer Fraud and Abuse
Act (18 U.S. Code 1030) and UK Computer Misuse Act
(1990,18)
• DDoS tagets: Governmental websites, Business
organisations and Gaming platforms
• Stresser user: young adult (< 20 years old), interest in IT,
low skills-set (script-kiddies)
• They are Ephemeral organisations with Phoenix qualities
– they are regularly taken down and then quickly reborn
6. •Individual criminals
working together
(Service Provider-Clients
and Clients together)
•After the criminal action
is achieved the group
dissolves
•More flexible than
sustainable groups
•No bigger picture
observed – yet!
Common
objective
Unperceivabl
e structure
Enterprise
models of
crime
4. Are they a new form of organised crime
group online? Ephemeral Organisation
7. 5. Case study – Analysis of Stressclub
(2015-2016)
•Stressclub Users
performed DDoS attacks
•$1.99 trials and
subscription
• $3-4000 per month in
earnings
•16 people working
•Bespoke consulting
•Product differentiation
•Noobs and VIPs
•Aspirational market
9. 7. Conclusions: What Stressclub tells us
about organised crime groups online?
• Stressers facilitate DDoS attacks
• They are illegal when used as DDoS-for-hire
• They can be considered as a new form of
organised crime group online (a pre-mafia?)
• Ephemeral, no evidence of long term OCG plan
• Not every subscriber has an active interest in
performing an attack
• More Amazon than Mafia - similar strategy to
online retailers of products and services
• Low criminal offensiveness (a cultural hype?) –
Stressers are invisible, but their clients are not