Using inherent command and control vulnerabilities to halt DDoS attacks

Dirt Jumper is a powerful family of distributed denial of service (DDoS) toolkits (including Drive version x, Dirt Jumper version x, and Pandora) sold in online black markets. The buyers are typically individuals who seek to infect computers worldwide and direct them to collectively flood unsuspecting targets with crippling volumes of unsolicited network traffic, often for criminal ends. The Dirt Jumper Family (DJF) of botnets is not new; however, new variants have made the family more destructive and more relevant. The DJF has caused millions of dollars of damage across several business sectors. Notably, in 2014 a European media company was hit by a 10-hour, 200 gigabit per second DDoS campaign with an estimated impact of $20M. Traditional defensive measures, such as firewalls, intrusion prevention systems, and defense-in-depth, are not always effective. The threat may hasten the emergence of active defenses to protect Internet-based revenue streams and intellectual property. In practice, some companies have either found legal loopholes that provide immunity or have decided to leverage the budding relationship between government and the private sector to hack back with implied immunity. Either way, hack-back tools are already in use as a defense against hacking. This paper provides: (1) an overview of the present threat posed by the Dirt Jumper family of DDoS toolkits; (2) an overview of the hacking-back debate, with clear examples of the use of legal loopholes or implied immunity; and (3) novel offensive campaigns that could stop active DDoS attacks by exploiting vulnerabilities in the botnet's command and control (C&C) infrastructure. Our work could be a first step toward a cyber-deterrence strategy against hacking and cyber espionage, which is a national security imperative.