Damien Black Senior Journalist Updated on: 10 August 2022
Image by Shutterstock
A forum specializing in cyberattacks against Russia and Belarus has appeared on the scene – and while it charges for the service it also appears to be strongly partisan in nature, according to infosecurity firm Digital Shadows.
DUMPS is a Russian-language platform that advertises distributed denial of service (DDoS) attacks starting at $80 per hour – the main difference between it and other similar forums being that it strictly targets only entities in the two pariah countries.
“All topics within the forum must be aimed towards activity directed against Russia and/or Belarus,” said the Photon research wing of Digital Shadows. “Much of the activity centers towards sharing data leaks, advertising DDoS attack services, forged and stolen identity documents, and anonymous and bulletproof hosting services.”
The data-leaks section of the forum appears to be the largest, with others covering carding, initial access brokering, and spamming found to be empty at the time of Photon’s investigation.
“Users shared data stolen from Russia-based government and private institutions,” said Photon. “This includes several well-known and important Russian government institutions and utilities providers.”
Partisanship at a price
Rather than carrying out DDoS attacks on a free and voluntary basis – as, for example, Ukrainian cybersecurity firm disBalancer has been doing since Russia invaded on February 24 – DUMPS offers to do so “quickly, qualitatively, and effectively” for a fee.
It is not clear whether this is purely to cover the costs associated with conducting such cyberattacks or if it is at all motivated by profit, although Digital Shadows believes it is the former and that DUMPS is a legitimate partisan group.
Photon found that the price was correlated to the power of the DDoS attack on offer, with a lower-level “layer four” assault lasting one day priced at $500 and a more potent “layer seven” attack over the same period of time going for $600. Shorter-burst attacks charged by the hour are also available.
Despite these seemingly mercenary motives, DUMPS does appear to be quite stridently partisan in its outlook, even going so far as to post personal insults against Russian president-cum-dictator Vladimir Putin while simultaneously inviting his forces to do their worst against it.
“This is the only forum we’re aware of that is taking such a stance, which puts DUMPS in a unique position whilst also painting a target on its own back,” said Photon. “If the forum develops into a well-known and successful project, it will likely become a target of counter-activity from Russia-supporting cybercriminals.”
It added: “The brazen nature of the forum is perhaps best emphasized by the administrator posting their location, which points to a residential apartment in Kyiv. The roof of the building contains an insult towards Vladimir Putin: ‘путин хуйло’ [Putin is a d**k]. We’ve no idea if this location is actually the admin’s home – however, it emphasizes the spirit of defiance and resistance in which the forum is built.”
Similarly, administrators refer to Russia as “Rashka” – viewed in the country as a slur because it taps the English pronunciation of the word while adding a diminutive suffix “to convey extra venom.”
Winning hearts and minds
Despite its vigorous anti-Russian stance, DUMPS appears confident it can win over some of its citizens to the cause, particularly those who may have fallen foul of the law in Russia – the forum also features data on citizens convicted of possessing illegal weapons, “from local wanted lists and criminal records, suspects or persons of interests […] and information related to buying tickets for transportation out of Russia.”
Photon understands the Russian-language basis of DUMPS to be a pragmatic move to further this aim, in that it will not lose Ukrainian supporters – because most citizens of the beleaguered nation speak Russian well or fluently – while allowing the forum to attract Russians who may be willing to take up cyber-arms against their own country.
That said, since its inception in May the forum is not thought to have attracted more than a hundred partisans – although Photon added that this number could well grow if it gathers notoriety.
Russian retaliation expected
“Raising the membership will of course increase the forum’s profile, which in turn could represent a risk,” said Photon, pointing out that rival cybercriminal forums have previously resorted to attacking each other online. “The forum is currently open for any individual to join, which could represent an operational security risk. Some users have expressed concerns over this and requested an invite-only system.”
Indeed, DUMPS already appears to be on Russia’s radar, with access to the forum blocked in that country, but Photon believes it could nevertheless play an important part in the ongoing cyberwar as both a symbol of resistance and a hub for hacktivists and patriotic threat actors, “making a demonstrable difference on the cyber battlefield.”
It added: “It is also realistically possible that the success of DUMPS may inspire other services looking to play a part in the ongoing conflict.”