{
	"id": "41c59860-5159-4c04-93d8-ce2fdd699cbf",
	"created_at": "2026-04-06T01:28:57.855823Z",
	"updated_at": "2026-04-10T13:12:30.753999Z",
	"deleted_at": null,
	"sha1_hash": "787aa37b6e85d26fca3213c85d4964b76d070256",
	"title": "Hackforums Shutters Booter Service Bazaar",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 372674,
	"plain_text": "Hackforums Shutters Booter Service Bazaar\r\nPublished: 2016-10-31 · Archived: 2026-04-06 00:15:49 UTC\r\nPerhaps the most bustling marketplace on the Internet where people can compare and purchase so-called “booter”\r\nand “stresser” subscriptions — attack-for-hire services designed to knock Web sites offline — announced last\r\nweek that it has permanently banned the sale and advertising of these services.\r\nOn Friday, Oct. 28, Jesse LaBrocca — the administrator of the popular English-language hacking forum\r\nHackforums[dot]net — said he was shutting down the “server stress testing” (SST) section of the forum. The\r\nmove comes amid heightened public scrutiny of the SST industry, which has been linked to several unusually\r\npowerful recent attacks and is responsible for the vast majority of denial-of-service (DOS) attacks on the Internet\r\ntoday.\r\nThe administrator of Hackforums bans the sale and advertising of server stress testing (SST) services, also known\r\nas “booter” or “stresser” online attack-for-hire services.\r\n“Unfortunately once again the few ruin it for the many,” LaBrocca wrote under his Hackforums alias\r\n“Omniscient.” “I’m personally disappointed that this is the path I have to take in order to protect the community. I\r\nloathe having to censor material that could be beneficial to members. But I need to make sure that we continue to\r\nexist and given the recent events I think it’s more important that the section be permanently shut down.”\r\nLast month, a record-sized DDoS hit KrebsOnSecurity.com. The attack was launched with the help of Mirai, a\r\nmalware strain that enslaves poorly secured Internet-of-Things (IoT) devices like CCTV cameras and digital video\r\nrecorders and uses them to launch crippling attacks.\r\nAt the end of September, a Hackforums user named “Anna_Senpai” used the forum to announce the release the\r\nsource code for Mirai. A week ago, someone used Mirai to launch a massive attack on Internet infrastructure firm\r\nDyn, which for the better part of a day lead to sporadic outages for some of the Web’s top destinations, including\r\nTwitter, PayPal, Reddit and Netflix.\r\nhttps://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/\r\nPage 1 of 5\n\nThe Hackforums post that includes links to the Mirai source code.\r\nAs I noted in last week’s story Are the Days of Booter Services Numbered?, many booter service owners have\r\nbeen operating under the delusion or rationalization that their services are intended solely for Web site owners to\r\ntest the ability of their sites to withstand data deluges.\r\nWhatever illusions booter service operators or users may have harbored about their activities should have been\r\ndispelled following a talk delivered at the Black Hat security conference in Las Vegas this year. In that\r\nspeech, FBI Agent Elliott Peterson issued an unambiguous warning that the agency was prepared to investigate\r\nand help prosecute people engaged in selling and buying from booter services.\r\nBut it wasn’t until this month’s attack on Dyn that LaBrocca warned the Hackforums community he may have to\r\nshut down the SST section.\r\n“I can’t image this attention is going to be a good thing,” Omni said in an October 26, 2016 thread titled “Bad\r\nthings.” “Already a Senator is calling for a hearing on the Internet of Things [link added]. In the end there could\r\nbe new laws which effect [sic] us all. So for those responsible for the attacks and creating this mess….you dun\r\ngoofed. I expect a lot of backlash to come out of this.”\r\nIf LaBrocca appears steamed from this turn of events, it’s probably with good reason: He stands to lose a fair\r\namount of regular income by banning some of the most lucrative businesses on his forum. Vendors on\r\nHackforums pay fees as high as $25 apiece to achieve a status that allows them to post new sales threads, and\r\nbanner ads on the forum can run up to $200 per week.\r\nhttps://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/\r\nPage 2 of 5\n\n“Stickies” advertising various “booter” or “stresser” DDoS-for-hire services.\r\nVendors who wish to “sticky” their ads — that is, pay to keep the ads displayed prominently near or at the top of a\r\ngiven discussion subforum — pay LaBrocca up to $60 per week for the prime sticky spots. And there were dozens\r\nof booter services advertised on Hackforums.\r\nAllison Nixon, director of security research at Flashpoint and an expert on booter services, said the move could\r\nput many booter services out of business.\r\nNixon said the average booter service customer uses the attack services to settle grudges with opponents in online\r\ngames, and that the closure of the SST subforum may make these services less attractive to those individuals.\r\n“There is probably a lesser likelihood that the average gamer will see these services and think that it’s an okay\r\nidea to purchase them,” Nixon said. “The ease of access to these booters services makes people think it’s okay to\r\nuse them. In gaming circles, for example, people will often use them to DDoS one another and not realize they\r\nmight be shutting down an innocent person’s network. Recognizing that this is criminal activity on the same level\r\nof criminal hacking and fraud may discourage people from using these services, meaning the casual actor may be\r\nless likely to buy a booter subscription and launch DDoS attacks.”\r\nWhile a welcome development, the closure of the SST subforum almost seems somewhat arbitrary given the sheer\r\namount of other illegal hacking activity that is blatantly advertised on Hackforums, Nixon said.\r\n“It’s interesting the norms that are on this forum because they’re so different from how you or I would recognize\r\nacceptable behavior,” she said. “For example, most people would think it’s not acceptable to see booter services\r\nadvertised alongside remote access Trojans, malware crypting services and botnets.”\r\nOther questionable services and subsections advertised on Hackforums include those intended for the sale of\r\nhacked social media and e-commerce accounts. More shocking are the dozens of threads wherein Hackforums\r\nmembers advertise the sale of “girl slaves,” essentially access to hacked computers belonging to teenage girls who\r\ncan be extorted and exploited for payment or naked pictures. It’s worth noting that the youth who was arrested for\r\nsnapping nude pictures of Miss Teen USA Cassidy Wolf through her webcam was a regular user of Hackforums.\r\nhttps://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/\r\nPage 3 of 5\n\nHackforums users advertising the sale and procurement of “girl slaves.”\r\nNixon said most Hackforums users are essentially good people who are interested in learning more about\r\ntechnology, security and other topics. But she said many of the younger, impressionable members are heavily\r\ninfluenced by some of the more senior forum participants, a number of whom are peddling dangerous products\r\nand services.\r\n“Most of the stuff on Hackforums is not that bad,” Nixon said. “There are a lot of kids who are pretty much\r\nnormal people and interested in hacking and technology. But there are also gangs, and there are definitely criminal\r\norganizations that have a presence on the forum that will try to enable criminal activity and take advantage of\r\npeople.”\r\nThe removal of booter services from Hackforums is a gratifying development for me personally and\r\nprofessionally. My site has been under near-constant attack from users of these booter services for several years\r\nnow. As a result, I have sought to bring more public attention to these crooked businesses and to the young men\r\nwho’ve earned handsome profits operating over the years. Here are just a few of those stories:\r\nStress Testing the Booter Services, Financially\r\nAre the Days of Booter Services Numbered?\r\nIsraeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years\r\nRagebooter: Legit DDoS Service, or Fed Backdoor?\r\nDDoS Services Advertise Openly, Take PayPal\r\nBooter Shells Turn Web Sites Into Weapons\r\nSpreading the DDoS Disease and Selling the Cure\r\nLizard Stresser Runs on Hacked Home Routers\r\nhttps://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/\r\nPage 4 of 5\n\nThe New Normal: 200-400 Gpbs DDoS Attacks\r\nSource: https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/\r\nhttps://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/"
	],
	"report_names": [
		"hackforums-shutters-booter-service-bazaar"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "dfee8b2e-d6b9-4143-a0d9-ca39396dd3bf",
			"created_at": "2022-10-25T16:07:24.467088Z",
			"updated_at": "2026-04-10T02:00:05.000485Z",
			"deleted_at": null,
			"main_name": "Circles",
			"aliases": [],
			"source_name": "ETDA:Circles",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775438937,
	"ts_updated_at": 1775826750,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/787aa37b6e85d26fca3213c85d4964b76d070256.pdf",
		"text": "https://archive.orkl.eu/787aa37b6e85d26fca3213c85d4964b76d070256.txt",
		"img": "https://archive.orkl.eu/787aa37b6e85d26fca3213c85d4964b76d070256.jpg"
	}
}