Interviews with a ddaser or what vandals earn

Hi, Habrahabr! I am an independent malware and security researcher. And the thought came to me to find a person providing services for DDoS and arrange an interview for him.

That is what I did. I ask under the cat, if you wonder how much people earn, as they do and in general, why do they need all this.

We contacted the favorite hackers Jabber and started the conversation.

Interviewer : Hello, please tell us why you are involved in DDoS and how did you come to this?

trezy@xmpp.jp : Hello , generally a long history ... It started somewhere from 2010-2011, working as an uncle in the office, getting a stable salary and it was necessary for the boss to remove one media, because in the office I was alone connected with the IT sphere He asked me, such as "how to close their website, delete the post and bla-bla-bla." I found several people who could organize an attack and the price was: "$ 400 per day." My eyes lit up, I started to google DDoS'e about it, found a couple of stateek on the hack forums, found out about botnets and so on ... And then the hour came to put my bot - it was some kind of custom bot (win) with a web panel, 3 views attacks (http get, udp, tcp). He fulfilled the order of his boss, received attendants, opened a couple of services on the forums, then made a website, got a couple of regular customers and went into the shadows until this year.

Interviewer : Thanks for the detailed answer!
A question. What tools are you currently using? Is there something famous. How is the maintenance of your bot network?
')
trezy@xmpp.jp : At the moment I am using QBot, Mirai rewritten by 90%.
In QBote at the moment about ~ 8.000 bots, and in Mirai ~ 170.000 bots.
Bots are mined with exploits, brute force ssh and standard Telnet brute.

Interviewer : Interesting, can you tell us more? Still, 170k bots are a very large number. Are there any attempts to "strangle" your botnet from law enforcement agencies?

trezy@xmpp.jp : I wouldn’t say a great one ... There were no attempts to “strangle” my botnet, I take good care of security.

Interviewer : Sorry for a possible brazen question, but what is your monthly income from such activities?

trezy@xmpp.jp : Income is not static, sometimes I can get $ 10,000 per month, and sometimes about $ 100,000

Interviewer : What level do you usually have clients? What do you usually do?

trezy@xmpp.jp : Most are owners of game servers, such as SAMP, WoW, Minecraft, etc ...
Game servers, and from sites - stock exchanges, media, online shopping.

Interviewer : And how much does it cost? What is your pricing policy?

trezy@xmpp.jp : Prices for low-security sites:
$ 10 per hour
$ 100 per day
$ 500 per week
Prices for medium-protected sites:
$ 25 per hour
from $ 250 per day
from $ 1000 per week
Prices for secure sites:
from $ 50 per hour
from $ 500 per day
from 3000 $ per week

And 90% of the amount goes into my hands, and the remaining 10% - on the server for bots / scanners and TP

Interviewer : How do you ensure your anonymity?

trezy@xmpp.jp : There are too many subtleties about which I would like to keep silent;)

Interviewer : What types of protection is the most difficult to put?

trezy@xmpp.jp : At the moment - Incapsula, Qrator, CloudFlare, Sucuri and little-known hosting (aka kms-hosting, simpliq, etc.)

Interviewer : Is there a limit to the sites being attacked?

trezy@xmpp.jp : In the sense of attacking whether the state. sites etc.?

Interviewer : Yes, in that sense.

trezy@xmpp.jp : Then - no, as long as the client has enough money for it

Interviewer : Were there problems with the feds?

trezy@xmpp.jp : No, we take very good care of our safety and the safety of customers

Interviewer : What do you plan to do next? Won't you always order to order

trezy@xmpp.jp : Until they do 100% protection against ddos, I’ll do it as I’m doing it - I'll grab it

Interviewer : Thanks for the interview!

Here is an interview with the bad guys. I don’t support them in any way, but it was interesting.