Booters - anybody can perform DDoS attacks

| Michaela Nesvarova

‘If you think only skilled hackers can perform attacks on servers, then maybe you know nothing’, said Jair Santanna during his pitch, which won him the PhD carousel at the CTIT Symposium 2015. Santanna’s PhD research focuses on Booters, websites allowing users to perform DDoS attacks as a paid service.

Photo by: Gijs van Ouwerkerk

DDoS (Distributed Denial of Service) attacks attempt to make servers or networks temporarily unavailable to users. Most of us would, indeed, think that only people with high technical skills would be able to perform such attacks, but that is no longer true. Anybody can use the so called ‘Booter’ websites to disrupt online services and Jose Jair Cardoso de Santanna, a PhD candidate from the Design and Analysis of Communication Systems group, is aiming to mitigate that.

Shutting down a school network

‘The topic of Booters was first brought to my attention, when a network of a Dutch school was under attack during their online exams. That resulted in the school not being able to proceed with the exams for weeks. Later they found out that a student with rather low technical skills was responsible - thanks to Booters’, explains Santanna, who is now investigating and mitigating the Booters phenomenon. ‘I use my findings against them.’

Years in prison

‘Together with two Master’s students I developed an algorithm to automatically find Booters via search engines and also in social media and hacker forums. Once I find them, I report them to security specialists who put them on black lists. However, this approach is not enough to shut down this phenomenon, and so I need to investigate the technical aspects of Booter attacks’, says Santanna. And he is not afraid to ‘get his hands dirty’ - the research includes actually paying the Booters to perform attacks against a robust network infrastructure.

‘Using the Booters is very easy and cheap. To know exactly how they work, I decided to first perform an attack on my own residential network and later at the university’, clarifies Santanna. ‘This is problematic, because according to the Dutch law, you can get several years in prison for attacks on public infrastructure.’ To continue with his work, Santanna therefore needed to receive legal permission from a Dutch prosecutor and he is also consulting an ethical advisor from the university.

Winning the PhD carousel

Was it an interesting research theme that won Jair Santanna the PhD carousel at the CTIT Symposium? ‘It is of course an attractive topic, but I sell my research with passion and enthusiasm. That is a unique skill for a academic researcher to have. I always try to explain things as if I was talking to my mother, making sure it is understandable to everyone’, he says.

Clearly his approach works, as Santanna received the first prize in the PhD carousel competition, that took place at the CTIT Symposium on the 9th of June 2015. The competition gave PhD students a chance to pitch their research within 3 minutes. Afterwards, the visitors could vote for their favorite presentation and Jair Santanna’s enthusiastic speech made it to the top. ‘It is nice to be recognized for something you do with passion’, he says.