Hacking forum cuts section allegedly linked to DDoS attacks

“I do need to make sure that we continue to exist and given the recent events I think it’s more important that the section be permanently shut down,” he wrote.

The section was designed to let members offer so-called stress testing services for websites as a way to check their resiliency. However, security firms claim Hack Forums was actually promoting DDoS-for-hire services that anyone can use to launch cyber attacks.

Hack Forums has been in the news lately following the emergence of Mirai, a malware blamed for a string of recent distributed denial-of-service attacks, including one last Friday that disrupted access to dozens of sites in the U.S.

Although it’s still unclear who pulled off the attack, the Mirai source code has been publicly available on Hack Forums since Sept. 30, when an anonymous user named “Anna-senpai” posted the code to the site.

According to security firms, copycat hackers have been detected taking advantage of the Mirai source code to launch new DDoS attacks.

HackForums.net

In announcing the closure, Hack Forums admin LaBrocca said, “Unfortunately, once again the few ruin it for the many.”

“I am sure this is going to upset some members, but also please many, some of whom aren’t even members,” he wrote.

Hack Forums has also been distancing itself from any connection with last Friday’s attack and the Mirai malware that’s believed to be involved.

“The link between the Mirai Botnet and HF (Hack Forums) is inaccurately being reported,” LaBrocca said in an email. Anna-senpai, the user who posted the Mirai source code, has only been a site member for three months and doesn’t represent the entire community, LaBrocca said.

Earlier this week, security firm Flashpoint stated that users on Hack Forums may have been involved in launching last Friday’s DDoS attack. Hackers on the site have been known to create DDoS-for-hire services as a way to earn cash, the firm alleged.

In an email, LaBrocca said there are legal and legitimate uses for website stress-testing tools. These tools can be designed to verify whether a website can withstand cyber attacks.

“We’re an open online forum which allows discussion and content other sites might not allow,” LaBrocca said. “We’re to the freedom of technology information what WikiLeaks is to government and corporate information.”

Hack Forum’s Server Stress Testing section prohibited posts related to websites that offer DDoS attacks. But despite that, critics have said the site’s Server Stress Testing section was a top destination to buy DDoS-for-hire services.

“There are page upon page upon page of these products,” FBI agent Elliott Peterson said during a presentation at the BlackHat conference in August.

Many of these DDoS-for-hire services offered through Hack Forums look professional and appear legitimate but advertise the capability to take down websites and servers, Peterson said at the time.

Legal experts have also said that Hack Forums can be held liable for promoting DDoS attacks if there’s evidence proving illegal activity.

“It comes down to what’s actually happening, and not what’s just being advertised or described,” said Marcus Christian, a lawyer for Mayer Brown who specializes in cybersecurity. He questioned whether Hack Forums was financially benefiting from the alleged DDoS-for-hire providers.

The Hack Forums site had said that for $80 a week, it would promote sellers’ listings in the Server Stress Testing section.

LaBrocca said on Friday the section will never return, even when the “drama” dies down.

“I’m personally disappointed that this is the path I have to take in order to protect the community,” he wrote. “I loathe having to censor material that could be beneficial to members.”

In an email, LaBrocca said Hack Forums was similar to Twitter, Github or Reddit with its approach to content. “The content on the site is member created and reflects the topics they are interested in discussing,” he said.