
Answer to BleepingComputer on Liberator

Recently, BleepingComputer published an article by Ax Sharma that reviewed a Boxmining video about Liberator.

The team read the text carefully, and we feel we have to shed some light on it.

“Of all cyberattacks, DDoS can be fairly easy to conduct as it involves no “hacking” or breaching the target—merely flooding the servers with repeated web requests (packets) can cause them to “freeze” for some time and cease serving webpages.

This is probably why both hacktivist groups and threat actors, including ransomware and extortion gangs, have leveraged DDoS attacks against their targets at some point.”

Bearing in mind that machine learning and heuristic approaches are now used to resist DDoS attacks, we found it strange for a cyber security researcher to describe a DDoS attack as “fairly easy to conduct”. Moreover, even performing an attack on a server requires thorough research of that server. Many sites now sit behind a WAF (web application firewall) that filters malicious traffic.

“YouTube’s policies generally prohibit content that demonstrates how to use computers and IT equipment to conduct hacking, but the policy appears to more specifically apply to instructions on stealing credentials, compromising personal data, and causing “serious harm to others,” by hacking their social media accounts.

And, that makes DDoS videos a gray area—at least on YouTube.”

On YouTube and GitHub, you can find instructions on how to get root access to someone else’s network or computer. Information about encryption and cryptography is also open. Wherever there is a description of security protocols and of how TCP/IP works, there will always be another one on how to use them “incorrectly”. Combining this information may turn out to be ransomware (extortion). By that logic, cryptography and computer security may be a gray area too.

“Russia’s ongoing invasion of Ukraine has now lasted well over two months and the war is having devastating consequences on the Ukrainian people and their families.

A report published as recently as today shows injured civilians some with “wounds rotting with gangrene.” These civilians have sought refuge in the Azovstal steel plant located in the Ukrainian city of Mariupol.

While 25 of these civilians have been evacuated, unfortunately, up to 1,000 are purported to still be living underneath the plant.”

This stops looking like cybersecurity analysis and is taken even further out of context. But we, as Ukrainians, will answer.

Azovstal is the biggest wound for Ukrainians, but the author didn’t mention other cities in the regions of Kyiv, Chernihiv, Sumy, Luhansk, Donetsk, Kherson, Mykolaiv, and Zaporizhzhya. The number of victims is not limited to 1000 people; there are dozens of times more. The mutilations inflicted by the russian military are not limited to wounds with gangrene: the russian army rapes Ukrainian women and children, robs houses, carries out mass shootings of bound people, steals children, and every day missiles hit someone’s home and take someone’s life away. So it would be better not to give such context without giving it to the full extent. Again, this is beyond the author’s remit, as, it seemed, is his understanding of it. But it affects a reader and his or her conclusions afterward.

“The very sight of such distressing facts and footage may genuinely prompt netizens, even those based outside the Russo-Ukrainian region, to take action”.

A distressing fact is when you forget your umbrella when going to work. The russian invasion turned out to be a tragedy for the whole Ukrainian nation. 

Besides, what is the “Russo-Ukrainian region”? Ukraine is a sovereign and independent country, and it has been invaded by russian troops. There is no need to unite them. The author should not make up new concepts that sound offensive to Ukrainians and do not correspond to reality.

“Under the U.S. Computer Fraud and Abuse Act (CFAA), those found guilty of engaging in DDoS can face up to 10 years in prison. UK’s Computer Misuse Act of 1990 outlaws DDoS attacks as well. And, Dutch law includes similar legislation.

Even the use of “booter services and stressers” violates these acts.”

By that reading, stressers are not allowed to help businesses find vulnerabilities in their security systems. So do the companies that provide that service, and the projects that offer it, violate the law?

“Last month, cyber security researchers at Avast Threat Labs warned against joining DDoS attacks against Russia as compelling as the cause may seem, and specifically looked at disBalancer’s app. A worst-case scenario surmised by Avast Threat Labs is, should the C&C server be compromised, everyone taking part in the DDoS attack could be identified by their username and location.”

Frankly, that was much earlier, and the information in the article is outdated. We already answered Avast, which had been delivering its services to the aggressor, as we do now, but let us do it again.

Disbalancer was started literally as a B2B product for stressing and load-testing startups, companies, etc., and for fighting scammers of newborn crypto-related projects. It has non-public (read as commercial) attack methods which we developed over more than one day, so you can’t find them on GitHub or anywhere else. When releasing their article, Avast researched the old (the first one, and DEBUG) version that we had created for a group of 30 beta testers who agreed to the terms of sharing their data for debug purposes, as that client was written only for Windows and developed in C#. If you have an advanced level of computer security, you could quickly check what is transferred via “a non-encrypted connection”: it is literally nothing. We got only your IP (maybe not yours, if you are behind a VPN or proxy) for targeting coordination. We don’t store IPs or hardware snapshots to identify our users. An ISP wouldn’t cut you off in any case, because we don’t use stupid flooding techniques such as those of KillNet (a script-kiddie russian group) or other skids. Machines and servers which had been idle are now running Liberator 24/7, and none of five ISPs even noticed anything about “illegal activity” or something like that.

As an advanced user, you may try launching any app in a virtual machine (VirtualBox, VMware) and checking what data is transferred “outside”, and how the process does nothing with your data or identity artifacts on the PC, such as GUID, HWID, etc.

Besides, one of the main rules of running Liberator is to use a VPN.