According to the security firm Forcepoint, the hacker started promoting the DDoS platform in Turkey. He was offering a tool known as Balyoz, the Turkish word for Sledgehammer, that hackers can use to launch powerful DDoS attacks against a select number of websites.
The hacker rewards his customers with a point for every ten minutes they hit a website. These prizes include a more powerful DDoS attacking tool, access to bots designed to generate revenue from
The hacker is offering interesting prizes to the users of his Sledgehammer platform. They include a more powerful DDoS attacking tool, malicious code that can be used to scare the victim with sounds and images, and access to a click fraud botnet that could allow them to earn money.
The researchers discovered that the DDoS platform has been advertised on Turkish hacking forums, but Forcepoint has no idea how many participants have been recruited through this gamification of DDoS attacks.
The list of websites targeted by the tool is composed of 24 political websites that hold a specific position with regard to Turkey.
“Most, if not all, of the targets identified on the target list were chosen because of their political position with regards to Turkey. Kurdistan was prominent, with organizations such as the Kurdistan Workers Party (PKK) and its military wing the People’s Defense Force (HPG) being targeted. But the German Christian Democratic Party (CDU) was also among the targets, as was the Armenian Genocide archive run by the Armenian National Institute in Washington DC,” continues the report.
Users can also suggest new websites to include in the list of targets, and the platform displays a live scoreboard for participants in the attacks.
The author of the DDoS platform has implemented a series of rules to optimize the use of and access to Surface Defense. For example, participants can run the tool only on a single machine, a measure necessary to ensure fairness during the competition.
But Forcepoint noticed that the DDoS attack tool given to the participants also contains a backdoor that will secretly install a Trojan on the computer.
Forcepoint also discovered the presence of a backdoor in the software executed by participants in the DDoS platform. This backdoor is triggered if a participant has been banned from the competition.
“When we began to reverse engineer the software, taking it apart in order to analyze what it did, we discovered a backdoor. Whoever wrote this software gave themselves the opportunity to compromise the computers of those participating in the “game”,” continues the report. “What we know about the author is that they have already produced a number of “malicious” tools written in C#/.NET, which they describe on a YouTube channel. However, the evidence in the author’s videos combined with other data points collated during the investigation, led us to hypothesize that it is a realistic possibility this author may work for a Turkish defense contractor which supplies, amongst other things, signals intelligence (SIGINT) systems.”
Who is the hacker behind the Surface Defense platform?
Experts believe he is a hacker using the online moniker “Mehmet,” based in the city of Eskisehir (Turkey).
Enjoy the Surface Defense!
(Security Affairs – Surface Defense, DDoS platform)