A Turkish hacker who is known online as Mehmet has launched a DDoS competition that invites participants to take down political websites and then be rewarded for their achievements.
Security company Forcepoint discovered what they called the “gamification” of DDoS attacks, saying that each participant in the contest receives access to a tool called “Balyoz” (the Turkish word for Sledgehammer), whose purpose is to allow them to launch DDoS attacks against select websites from just a single machine.
Attackers are then rewarded for their achievements and the longer they run the DDoS application, the more points they get, the security firm explains.
“For every ten minutes spent attacking one of these websites, users receive points that can be traded in for rewards, such as a stand-alone version of the Sledgehammer DDoS tool and ‘click-fraud’ bots used to generate revenue on pay-to-click (PTC) sites. There is even a live scoreboard so participants can see their point rank,” Forcepoint explains.
Although this competition is mostly aimed at political websites, including those of Angela Merkel’s German Christian Democratic Party, The People’s Democratic Party of Turkey, the Armenian Genocide Archive and the Kurdistan Workers Party (PKK), participants can also come up with their own proposals should they want to take down a different website.
What’s interesting is that the DDoS tool participants receive is itself infected with a backdoor, which only activates once the participating user is out of the competition.
“The backdoor is a very small trojan and its sole purpose is to download, extract and execute another .NET assembly from within a bitmap image. It also downloads a secondary ‘guard’ component which it installs as a service. This ‘guard’ component ensures that if the backdoor is deleted then it will be re-downloaded and also installed as a service,” the security firm notes.
Basically, the Turkish hacker is trying to compromise the computers of the other hackers in an attempt to form his own botnet that can eventually be used for launching large-scale DDoS attacks.
It’s not yet clear how many attacks participants in the contest have already launched or whether any website was impacted, but Forcepoint says it’ll continue to monitor the activity of the hackers and will report back with more updates.