DDoS-as-a-Service? You Betcha! It’s Cheap, It’s Easy, and It’s Available to Anyone

Linda Musthaler
By | December 06, 2012

Posted in: Network Security Trends

Pssst! Hey, you there! Come over here and keep your voice down! You say you have a business rival you want to put offline? Yeah, no problem. It’ll only cost you 20 bucks an hour for a short term or long term DDoS attack. You want a little taste of how easy this is? Watch this live demo for a few minutes and see your competitor’s website go dark….

OK, enough of the bad movie plot lines. But seriously, folks, it is beyond that easy to buy a DDoS attack service. Don’t believe me? Check out this advertisement for Gwapo’s Professional DDoS Service.


Gwapo is pretty bold about advertising his (or her) DDoS service; he runs multiple ads on YouTube to attract “customers.” (Is anyone else grateful that this is a “professional” service? After all, it would really be bad to have an amateur run your DDoS attack.)

Gwapo claims to have “4 years of DDoSing experience and several years of studying on DDoS protection.” His ad says “you cannot go wrong!” Oh, the irony of that last statement! There are so many things wrong with Gwapo’s illegal “professional” service!

TechWeekEurope actually interviewed a few of the people hired to operate the DDoS attacks. One of the administrators of Gwapo’s “professional service” was a 17 year old high school kid with a small botnet at his disposal. He wasn’t afraid to brag about his DDoSing prowess until TechWeekEurope asked if he’d be bold enough to attack a major banking website. No, he said, he wouldn’t want to get in trouble. Spoken like a true professional who doesn’t want his mom and dad to find out what he does in his basement in his spare time.

While it might be fun to make snarky comments about operations like the one Gwapo is running – and he is not alone in offering DDos-as-a-Service – the fact remains that these underground businesses are a real threat to your business. Literally anyone can hire a hit man to take your website offline for as long as they want. It’s cheap and it’s easy. So the question is, is your company prepared in the event that Gwapo or his contemporaries turn their botnet toward your website? If you can’t answer “yes” to that question, read this post to get started with your defense plan.

Stephen Gates, Security Evangelist at Corero Network Security, notes that today’s traditional technologies like firewalls and IPS solutions were not designed to stop application layer DDoS attacks, and in some instances the attackers may actually target the network’s firewall. What organizations put in place to protect them actually is being used against them,” said Gates. “A new first line of defense has to be put in place to  stop unwanted traffic before it hits the firewall and IPS – allowing those technologies to do the jobs they were built to do.”

Those concerned about their organization’s potential for exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test, which provides a customized evaluation and subsequent recommendations based on answers to a short questionnaire. The DDoS assessment, which employs a series of analytical algorithms, can be conducted in a matter of minutes by following the instructions here:  DDoS Preparedness Test.

You May Also Be Interested In: