The Scourge of the Internet: A Chat With Two Hackers on the Stress of DDoS

Okay, prepare yourself for some pretty dense internet jargon, all in the name of safety. Originally used as a form of online protest, Distributed Denial of Service (DDoS) attacks – basically where you bombard a website with traffic until it has a meltdown – are becoming increasingly malicious as people realize they can use them to fuck with large companies who have websites, a.k.a. every large company in the world. In 2012, DDoS attacks increased by a pretty ridiculous 200 percent, and 35 percent of businesses experienced some kind of disruptive DDoS attack.

For a powerful DDoS attack, hackers use botnets, which is essentially turning computers into an automated army that amplifies the traffic you're hurling at websites and works like this. If enough computers are used in an attack, you can end up doing some serious financial damage, like the time Anonymous left Paypal dealing with a hefty $5.3 million loss in a DDoS attack that paralyzed the company's computer systems.

I was maybe a little over-worried about the future of internet terrorism, so I caught up with Dragon and PhäntömZ – two very experienced programmers who run a stresser/booter company called Agony – to find out a little more. In case you didn't know (which is incredibly likely), a "stresser/booter" is normally a software or service that allows the user to flood the network of their target. As in, the kind of thing you'd use to help you carry out a DDoS attack.

VICE: Hey guys. Talk to me about botnets.
PhäntömZ: We stay away from botnets at all costs. The same goes for shells and black hat hackers. What's a black hat hacker?
Black hat hacking is an internet term for someone violating computer or internet security maliciously or for illegal personal gain, as opposed to "white hat", which is ethical hacking. How can you hack ethically?
Oh, it's where a computer security expert who specializes in penetration testing and will try to hack an organization's information in order to ensure that it's safe. Ah, OK. What do you think about people who DDoS maliciously for a personal or political agenda?
Dragon: I personally think that they're internet terrorists. The point of the internet was originally freedom of information, and most of the time that's not what people are using DDoS attacks for. Many of the attacks nowadays come from political parties or people trying to take out businesses. What's your opinion on CISPA?
CISPA is just the government trying to spy on everyone, in my honest opinion. CISPA would waive every single privacy law ever enacted in the name of cyber security. Would CISPA affect you?
Yes, CISPA would affect both of us. In fact, it would affect everyone. The issue is, when I want to do something anonymous online, I can't anymore – well, not without a ton of work. After CISPA, if a state agency like the police says, "We want records on this person," everyone has to release them. Could CISPA shut down your business?
If it grows into a more controlling bill, then it could have the potential to. I doubt it will, though.

What do you think of Anonymous?
They’re just a bunch of kids – 99 percent of them are under 20.
PhäntömZ: They’re online terrorist groups. I've had a few of them try to recruit me, but I keep turning them away. The way those groups run is just helping the government have more reasons to put cyber laws into play.

How does a DDoS attack work, exactly?
You either type a command into a server and it executes a program that attacks the target, or you use a GUI – otherwise known as a booter. [See these visualizations too - Ed.] Are DDoS attacks becoming a threat?
Dragon: DDoS attacks are becoming a real threat to some online businesses and individuals. Say you’re on a fun game online. A kid who doesn’t like you sees that you're having fun. With access to a booter, they can knock your entire house offline with the click of a button. Have you been the victims of DDoS attacks?
We were hit by an attack for an entire week. I diagnosed it and managed to divert it and notified everyone I could to help get it discovered and healed. What do you think of TOR and the Deepweb?
It's 99 percent bad; there's no purpose for it. It's expanded into a huge amount of illegal content that's mostly very disgusting and has no real purpose. Don't you think it helps with internet privacy to some extent?
Privacy over the internet is overrated. Most of the time, if someone wants to find you or knows who you are, they can find out what you're doing. It’s like my friend used to say – "A lock is to keep honest people honest." What do you know about the Reddit attack?
Reddit isn't that large of a website, so many different booter services could have been capable of an attack like that. Even our service, if tuned the correct way, could be capable of it.

Do Stressing/DDoS companies work as a business?
They do, but they don't make much unless they have a large clientele, like us, or do illegal things. There are many services on hacking forums that offer to do that kind of thing for you, but most people would rather be able to do it themselves using a program or a website that sells subscriptions. How would they go about doing that?
The only way someone would be able to make it themselves is if they had the appropriate programming knowledge and the server resources to create enough packets to stress whatever they were trying to stress.

Follow Will on Twitter: @Hypothesising

This post first appeared appeared at VICE UK

Read more about DDoS attacks and internet warfare:

Is DDoS the New "Sit In"?

The Shady Geeks Hiding in Bunkers Trying to Nuke the Internet

The Syrian Electronic Army are at Cyber War with Anonymous

Anonymous Calls Bullshit on the Future of Cyber Warfare