Sellers of Silence--The Back Markets and Footprints of DDoS Botnets (2010-2024)
A DDoS (Distributed Denial of Service) attack is a method of overwhelming a targeted website or online service with large numbers of accesses, causing it to stop functioning. This attack, which once required advanced technical skills and large-scale infrastructure, is now easily accessible to anyone through "rentals" and "sales." In other words, the "democratization of attacks" is progressing. These services are called "booters" or "stressors" and are ostensibly offered as "network stress tests," but in reality, many of them are used for fraudulent activities targeting other people's services.
In the Russian case reported by WIRED, young programmers were based in St. Petersburg and Moscow, building and selling botnets and malware. They gradually established themselves as attack contractors while building a reputation on cybercrime forums. In some respects, these activities were based on the tacit approval of the Russian authorities. As long as the state does not intervene overtly, their activities escape crackdowns and can affect targets around the world.
The Bredolab botnet, uncovered by Dutch authorities in 2010, infected approximately 30 million computers and was used not only for DDoS attacks but also for spam distribution and fraud. The operators were reportedly making as much as $125,000 per month by renting access to the botnet to cybercriminals. This structure became the basic model for the DDoS market that followed.
In 2024, Operation PowerOFF, a joint operation by the U.S. Department of Justice and international agencies, shut down 27 sites providing a service called DDoS-for-Hire and arrested three people involved. These services allowed users to launch temporary, large-scale attacks targeting schools, businesses, and government agencies for a small amount of money.
In the same year, a botnet called 911 S5, operated by Chinese national Yunhe Wang, was also uncovered. This network provided criminals with an anonymous communication channel by selling IP addresses of infected PCs in more than 200 countries around the world for a profit of at least $99,000,000. Users included fraudsters, hackers, and even money launderers.
One of the most famous historical examples is the 2016 "Mirai botnet" incident. This attack used special malware that infected IoT devices to carry out a massive DDoS attack that brought major services such as Twitter, Netflix, and Reddit to a temporary halt. Three of the developers, all young Americans, have since had their punishments reduced while cooperating with the FBI.
Thus, the underground economy behind DDoS attacks is built on the collusion of young technologists and the criminal networks that turn them into money. They sell silence and silence others. Freedom and publicity in the Internet space are still threatened by this silent violence. The reality is that the ease of access and anonymity significantly lower the threshold for serious criminal liability if one is involved. If technology is "power," this structure of trading it for "power to contain" reflects a cross-section of contemporary cyberwar.