A Turkish hacker is giving out prizes for DDoS attacks

But the DDoS software comes with a hidden backdoor

A hacker in Turkey has been trying to encourage distributed denial-of-attacks by making it into a game, featuring points and prizes for attempting to shut down political websites.

The DDoS platform, translated as Surface Defense in English, has been prompting other hackers in Turkey to sign up and score points, according to security firm Forcepoint which uncovered it.

Users that participate will be given a tool known as Balyoz, the Turkish word for Sledgehammer, that can be used to launch DDoS attacks against a select number of websites.

For every ten minutes they attack a website, the users will be awarded a point, which can then be used to obtain rewards. These prizes include a more powerful DDoS attacking tool, access to bots designed to generate revenue from click fraud,  and a prank program that can infect a computer and scare the victim with sounds and images.

The DDoS platform has been promoted on Turkish hacking forums, and the attack tool involved is designed to only harass 24 political sites related to the Kurds, the German Christian Democratic Party -- which is led by Angela Merkel -- and the Armenian Genocide, and others.

“Users can also suggest new websites to add to the list of targets,” Forcepoint said. “There is a live scoreboard for participants to see how they compare to other participants.”

screen shot 2016 12 07 at 4.47.11 pm Forcepoint

A scoreboard for the competition.

The maker of the DDoS platform also tightly regulates the way users play. For example, the DDoS attack tool given to the participants is designed to run on only one machine, preventing it from being used on multiple computers. This is done to ensure fairness during the competition, according to Forcepoint.

However, it’s not exactly an efficient way to launch a DDoS attack, which are typically done with armies of infected computers that can number in thousands or more.

It’s unclear how many participants the DDoS platform managed to recruit or if it managed to take down any websites. But Forcepoint noticed that the DDoS attack tool given to the participants also contains a backdoor that will secretly install a Trojan on the computer.

The backdoor will only execute on a participant’s machine if they’ve been banned from the competition. Its goal is probably to enslave the computer and form a botnet to launch additional DDoS attacks, Forcepoint said.

The hacker behind the DDoS platform is believed to go by the handle “Mehmet” and is possibly based in the Turkish city of Eskisehir, according to evidence found in Forcepoint’s investigation.  

Although the DDoS attacks are geared at political websites, the participants involved the competition might not be ideologically motivated, and instead could just want access to the hacking tools, Forcepoint said. 

Join the newsletter!

Error: Please check your email address.

More about Forcepoint

Show Comments

Market Place