A group of cyber criminals took part in a competition targeting political party portals, but were themselves infected so that their machines could be used to generate large-scale DDoS attacks.
The first rule of Balyoz, a Turkish word meaning “hammer”, is that you never talk about Balyoz. At least until security firm Forcepoint discovered this scheme, in which cyber criminals ran competitions based on DDoS attacks to target political sites and more.
How hacker competitions work
Security firm Forcepoint discovered what a group of Turkish cyber criminals called “gamification”: a series of contests carried out with DDoS attacks, in which each participant receives access to a tool called “Balyoz.” Hackers earned points based on the targets hit and the consequences. At the end of the tournament, those with the highest scores could convert their points into tools for future criminal activity, such as a bot that could be used to generate pay-per-click revenue on sites. The game was organized in a complex way, with rankings and rounds.
Who got hit?
The main targets given to the “competitors” by the Turkish organizers were political sites. Forcepoint reports that Angela Merkel’s site was hit in this way, as were the portal of the People’s Democratic Party of Turkey and the archive on the Armenian genocide. The website of the Kurdistan Workers’ Party was also a victim of the hacker competition. It is not yet clear, however, whether the phenomenon affected only political sites, since participants in the game could propose a target, and Forcepoint does not rule out victims outside Turkish or European politics.
What is a DoS attack?
A DoS (Denial-of-Service) attack is an attack aimed at shutting down a computer or a network in order to prevent access by legitimately authorized users. To that end, DoS attacks flood the target with traffic or send information that triggers a crash. A DDoS (Distributed Denial-of-Service) attack is a variant of a DoS attack that employs a very large number of infected computers to overload the target with bogus traffic.
Hackers victimized
Interestingly, the Turkish organizers had inserted a backdoor into Balyoz, the tool given to competitors, capable of activating only once the competition was over. Forcepoint further stated: “The backdoor performed the function of a small trojan and its only purpose was to download, extract and execute another malware within a bitmap image. It also downloaded a secondary component called ‘guard’, which installs as a service. This component ensures that if the backdoor is deleted then it will be reinstalled.” Essentially, the Turkish hacker is trying to compromise other hackers’ computers in an attempt to form his own botnet that can eventually be used to launch large-scale DDoS attacks.
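For defenders, the bitmap carrier mentioned in the Forcepoint quote can be triaged with a simple structural check. The following is an added example, not code from Forcepoint or from the original article; the article does not say how the payload was stored in the image, so the two cases checked here (data appended after the pixel array, and a Windows PE header inside the image data) are assumptions, and the sample files are constructed.

```python
import struct

def build_bmp(width, height, pixels=None, trailer=b""):
    """Constructed 24-bit BMP used as demo input (not a real sample)."""
    row = (width * 3 + 3) & ~3            # rows are padded to 4 bytes
    data = pixels if pixels is not None else bytes(row * height)
    data = data.ljust(row * height, b"\x00")[: row * height]
    off = 14 + 40                         # file header + info header
    file_hdr = struct.pack("<2sIHHI", b"BM", off + len(data), 0, 0, off)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(data), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + data + trailer

def has_pe(buf):
    """True if buf holds an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    pos = buf.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(buf):
            lfanew = struct.unpack_from("<I", buf, pos + 0x3C)[0]
            if buf[pos + lfanew: pos + lfanew + 4] == b"PE\x00\x00":
                return True
        pos = buf.find(b"MZ", pos + 1)
    return False

def triage_bmp(blob):
    """Return a list of findings for the bytes of one BMP file."""
    if len(blob) < 54 or blob[:2] != b"BM":
        return ["not a BMP"]
    bf_size, _, _, off_bits = struct.unpack_from("<IHHI", blob, 2)
    _, width, height, _, bpp, comp = struct.unpack_from("<IiiHHI", blob, 14)
    findings = []
    if comp == 0:  # uncompressed: pixel array size follows from the header
        row = ((width * bpp + 31) // 32) * 4
        end = off_bits + row * abs(height)
        if len(blob) > end:
            findings.append(f"{len(blob) - end} bytes after pixel array")
    if bf_size != len(blob):
        findings.append("bfSize does not match file length")
    if has_pe(blob[off_bits:]):
        findings.append("PE header inside image data")
    return findings

if __name__ == "__main__":
    # Constructed stand-in for an executable: MZ stub plus PE signature only.
    pe = b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
    print(triage_bmp(build_bmp(4, 4)))               # clean image
    print(triage_bmp(build_bmp(4, 4, trailer=pe)))   # data appended
```

A clean result does not rule out a hidden payload: encrypted or encoded content in the pixel data carries no PE signature, so this check is a first filter rather than a verdict.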