Security researchers have come across a group in Turkey that has not only ‘gamified’ distributed denial of service (DDoS) attacks, but it also rewarding hackers to carry out attacks on their intended targets.
The ‘gamification’ of hacking was highlighted first by researchers at Forcepoint who reveal in their report [PDF] of how a single piece of malware led them to a site that revealed a lot about the activities of this group and how they are rewarding hackers with a point for attacking designated targets for every 10 minutes.
“Individuals gain points by participating in these DDoS attacks, which are then exchanged for software that enable them to perform online fraud”, notes the report. Security researchers at the company also found that hackers from across Turkey came together to perform Distributed Denial of Service (DDoS) attacks on a target list of organisations.
These points are akin to loyalty points and these points are logged on a scoreboard offered by a website named ‘Surface Defence’. While the scoreboard may provide a level of satisfaction to some, the whole thing goes beyond that. According seen in the report, the topper on the scoreboard had a score of 450 points.
These attacks are launched against those who oppose the Turkey government, including 24 political sites related to the Kurds, the German Christian Democratic Party (led by Angela Merkel), and more.
Hackers can cash-in their loyalty points to gain access to new hacking tools like Sledgehammer that can be used to launch DDoS attacks, and a ‘prank tool’ called ‘Kabus’ that can be used to scarce victims with sounds and images. The attack tools given to participants contain a backdoor that will secretly install a Trojan if a user is ‘banned’ from the competition, Forcepoint reported.
“It remains unknown whether the author of Sledgehammer and these various tools has a hidden agenda, or is simply experimenting with these concepts,” Forcepoint said.
“Since Sledgehammer is a tool created by a group of Turkish descent, so it’s expected that the targets of their wares are would be those they oppose,” said Travis Smith, senior security research engineer at Tripwire as quoted by V3.