Influenza A virus subtype H5N1 Turkish hacking grouping is encouraging individuals to bring together its DDoS-for-Points platform that features points in addition to prizes for carrying out distributed denial-of-service (DDoS) attacks against a listing of predetermined targets.
The points earned tin dismiss afterwards endure redeemed for diverse online click-fraud in addition to hacking tools.
Dubbed Sath-ı Müdafaa, translated every bit Surface Defense inwards English, this DDoS-for-Points platform is advertised via local Turkish hacking forums, including Turkhackteam in addition to Root Developer.
Surface Defense prompts other hackers inwards Turkey to sign upwards in addition to asks them to onset political websites using a DDoS tool known every bit Balyoz, translated every bit Sledgehammer.
According to Forcepoint safety researchers, who discovered this program, Balyoz industrial plant via Tor in addition to requires a username in addition to password to log in. The tool hence uses a DoS technique to overflowing targets alongside traffic.
Here's How the Balyoz Tool Works
The DDoS traffic is hence routed through Tor to disrupt online services. For every 10 minutes the tool onset a website alongside fraudulent traffic, the player receives a point.
The points tin dismiss hence endure used to obtain rewards including a to a greater extent than powerful version of the Balyoz DDoS attacking tool, "click-fraud" bots that automatically clicks on ads for pay-to-click (PTC) services similar Ojooo in addition to Neobux PTC to generate revenue, in addition to a programme that has powerfulness to infect PCs in addition to scare the victim alongside images in addition to sounds.
The DDoS Tool Contains Hidden Backdoor
The DDoS platform software also contains a hidden backdoor that allows the Surface Defense operator to "hack the hackers," raising concerns over the operator's actual motives.
"The backdoor is a rattling small-scale Trojan in addition to its sole role is to download, extract in addition to execute around other .NET assembly from inside a bitmap image," Forcepoint researchers said.
"It also downloads a secondary 'guard' factor which it installs every bit a service. This 'guard' factor ensures that if the backdoor is deleted hence it volition endure re-downloaded in addition to also installed every bit a service."The listing of predefined targets includes Kurdish websites of the Kurdistan Workers Party (PKK), its military machine fly the People's Defense Force (HPG), an scheme past times NATO members, Kurdish radio in addition to TV stations, Kurdish hacking crews, in addition to more.
Other politically-motivated targets include the Armenian Genocide website, the High German Christian Democratic Party -- which is led past times Angela Merkel -- in addition to many Israeli websites.
"Users tin dismiss also propose novel websites to add together to the listing of targets," Forcepoint researchers said. "There is a alive scoreboard for participants to meet how they compare to other participants."The researchers accept managed to rails downward the IP address of the Surface Defense software, despite running on the Dark Web through Tor.
This evolution helped researchers gathered around information on the hacker's identity, similar the operator mightiness deed nether the handgrip "Mehmet," runs 2 YouTube channels advertising the Balyoz DDoS tool, in addition to the operator is maybe based inwards the Turkish urban center of Eskisehir.
For to a greater extent than technical details on the Surface Defense platform, you lot tin dismiss caput on to the Forcepoint's 30-page question newspaper [PDF] titled, "Sledgehammer - Gamification of DDoS attacks (for ideology, net & mischief)."
