Distributed denial-of-service (DDOS) attacks are often in the news and since Izz ad-Din al-Qassam Cyber Fighters started launching such attacks against US financial institutions, even less tech savvy users know what they are.
However, not everyone knows that you don’t need to be a hacker or a cybercriminal mastermind to launch DDOS attacks against a website or a server.
Security expert Brian Krebs, who has analyzed numerous cybercriminal services, takes a look at another DDOS service. It’s called AsylumStresser.com and it’s advertised as “one of the leading network stressers on the market!”
AsylumStresser.com can’t be used to take down large sites that have DDOS protections in place, but it can be efficient against medium-sized websites.
One individual, who claims to be the site’s administrator, has told Krebs that the service is only for stress testing one’s own website, not for attacking others. However, a video ad posted on the site’s main page clearly says that AsylumStresser can be utilized to take down the competition’s servers or websites.
The site’s administrator says Asylum is not responsible for what customers do with the service. However, experts argue that this is not accurate.
“If they’ve got their fingers on the trigger and they launch the attacks when they’re paid to, then I would say they’re criminally and civilly liable for it,” Mark Rasch, a security expert and former US Justice Department attorney, told Krebs.
There are several services such as AsylumStresser.com out there. The owners of such services are in many cases US citizens who hide behind disclaimers.
However, as Krebs highlights, many of these websites are based on the same source code and many of them are highly vulnerable. It’s not uncommon for the databases of these websites to be leaked online.
In the case of AsylumStresser.com, its leaked database shows that between March 17 and 23, 2013, it was utilized to launch over 10,000 attacks.