da/sec scientific talk on Internet-Security

Topic: Booters and certificates: An overview of TLS in the DDoS-as-a-Service landscape

by Saed Alavi
FBI D19/2.03, May 19, 2016 (Thursday), 12.00 noon

Keywords — SSL certificates, Booters, Trust

Abstract

DDoS attacks are getting more sophisticated and frequent, while the technical knowledge required to perform them decreases. The reason is that DDoS attacks are offered as a service, known as Booters, for less than 10 US dollars. Because Booters offer a paid DDoS service, they often use TLS certificates to secure credit card transactions, data transfer and logins. In this talk, we review Booter websites and their use of TLS certificates. In particular, we analyze the certificate chain, the cryptography and cipher suites used, the protocol use within TLS for the purpose of negotiating security parameters, the issuer and the validity of the certificate. Our main finding is that there is a typical certificate chain used by most of the Booters which can be used to identify malicious websites.