From Russia with Love.exe 4: Geeks, Not Gangsters

This part covers how much a massive DDoS attack service costs on Russian hacking forums, and what kind of people the sellers are.

Low-cost DDoS

The Grugq: So, everyone probably knows Twitter went down some time ago. How much do you think that cost per day, on average? It’s 80 bucks! Come on, 80 bucks to take down a web server!

Yarochkin: It’s a DDoS 911 service. If you translate literally, I think it’s quite funny: “Our service is the best way of getting rid of annoying competitors who don’t allow you to work. The best feature of our service is we work regardless of the thematic of the target site. Immediate assistance in solving your problems – 24-hour support. We have the most affordable prices on the market. The average price is $80 per day. The final price may vary slightly (increase or decrease). And we offer a wholesale discount”.

The Grugq: Alright, there are some other ads as well. We also found a different forum post where there’s a guy called Vlad. He is selling DDoS service for the same price, 80 bucks a day. And some other guy posted, saying: “How do I know you’re good?” And he’s trying to get endorsements from other people who are saying something like: “Vlad is the best man! If you want to take down the Pentagon – you go to Vlad”.

Yarochkin: That’s actually a typical way of selling the service. People are not going to buy stuff unless you get endorsement from a trusted partner on the forum. So whenever you post an advertisement on the forum, you would normally include links to endorsements, where other people on the forum say: “Yeah, I’ve bought this service, it really works”. Some will say: “I’ll give you 5 minutes of free testing service”.

The Grugq: Yeah, what a lot of these guys offer is they can give a free test where they can take down a site for a short period of time to show that they can do it. And then you can actually purchase the full day of DDoS.

Yarochkin: So, if your site gets DDoSed for about 5 minutes, get ready for some more serious stuff.

The Grugq: As long as it takes the WMZ to get transferred between accounts – that’s how long you have before you go down.

Yarochkin: Do you remember Twitter being down for a few days? Do you know what the reason was? Basically, a Georgian dissident who was tweeting and blogging on LiveJournal – and LiveJournal was actually DDoSed last year – and what they did is they blocked one of this guy’s accounts, but the other accounts were still accessible. Speaking about Twitter, they didn’t differentiate – so the whole Twitter went down for 2-3 days.

The Grugq: That’s 160 dollars’ worth of DDoS services to take Twitter down. And it’s all because this guy pissed off some people who have access to WebMoney accounts and can read Russian.

Yarochkin: Yeah, 80 bucks – well, I can afford it.

The Grugq: So, we’re going to do conclusions.

Yarochkin: And then we can maybe show you some other funny examples.

The takeaways

The Grugq: Yeah, we have lots of porn that we’ve downloaded on these sites as well. We’ll look at that. Okay, one of the main things that we didn’t mention at all but I’d really like you guys to take away from this is that the people on these forums are geeks, not gangsters. Everyone has this impression that the Russian hacking scene is dominated by the mafia. As far as we can tell, that’s not the case. A lot of these guys are high school students, college students, sysadmins that have too much free time and access to computers. They are not, like, hardcore mafia. They are guys who, when they get angry, will spend 80 bucks and have your website taken down. They are not the people with prison tattoos, they can’t do that anyway. They are basically young kids who are a bit dumb, and they are making pretty small amounts of money – 80 bucks to take down Twitter is not good money for a value. What we’ve seen is a lot of this is youth culture. Everyone remembers back in the late 90s, early 2000s, when they had the “hacker renaissance”, everyone was talking in leet and k-rad.

Yarochkin: There’s a market for beautiful ICQ numbers. Who knows what’s the difference between 8-digit ICQ number and 6-digit ICQ number? Expiration date. So, if you have a 6-digit ICQ number – you’ve been on the scene for a long time.

The Grugq: Yeah, it means you were back in the day, man… So, a lot of this is basically youth culture stuff, like these deliberate misspellings, this hard lingo. They use some Russian prison slang, but it’s not real “Fenya”, not the real Russian prison slang – it’s actually a dialect of Russian. So people who are long-term prison inmates learn real “Fenya” and they’ll speak in “Fenya”, not in Russian. And what these guys do is, to basically build a bit of cred, they use some “Fenya” themselves to show, like, “Hey man, I know a couple of words of “Fenya”, I’m pretty hardcore”. But the thing is, they have to use “Fenya” words that everyone else knows, otherwise no one knows what the fuck they’re talking about.

Yarochkin: For most of the goods they’re trading with, they’ve got a separate word to denote those. For example, dedicated server – they just call it “dedic”, which, when spelled out in Russian (“дедик”), means “old man”.

The Grugq: Yeah, as you’ve noticed, a lot of it is actually based on English stuff. Also, what we’ve seen is that these dudes are actually profit-driven, which is kind of cool – they are making some effort to make money, they are just not very good at it.

Read previous: From Russia with Love.exe 3: Money Laundering and Botnet Services

Read next: From Russia with Love.exe 5: Questions and Answers
