The demand for DDoS-for-hire services has surged significantly in recent years. Cameron Schroeder, chief of the Cyber and Intellectual Property Crimes Section at the U.S. Attorney’s Office, said the increase is driven by accessibility, ease of use and the need for only minimal technical proficiency.
The DDoS-for-hire landscape has evolved and expanded due to the rising popularity of gaming and the adaptability of these services for varied illegal activities, including ideological uses and uses for financial gain and retaliation.
The challenges of enforcement call for a holistic approach involving both prosecution and prevention. “While we have been targeting the administrators of services, we’ve also been learning over time that we need to start targeting the customers as well,” Schroeder said. “It’s a demand-supply ecosystem, and we need to target it from both sides.”
Beyond prosecution, preventive efforts should take center stage, Schroeder said, and education and deterrence programs should be employed to dissuade potential users. Encouraging private sector and academic institutions’ involvement in nurturing young talent and steering them toward legal paths is mutually beneficial, she said, as it fulfills the demand for cybersecurity expertise and cultivates a pool of skilled individuals.
In this video interview with Information Security Media Group at Black Hat USA 2023, Schroeder also discussed:
- How the strategies for targeting administrators and targeting customers differ;
- Why it is easier to prosecute DDoS for hire compared to other types of cybercrime;
- The criteria for a successful DDoS-for-hire services campaign.
Schroeder and her team prosecute federal crimes relating to computer and network intrusions and attacks, digital asset platforms, and IP infringement crimes, including trade secret theft and economic espionage. Schroeder also focuses on nation-state cyber activities.