A new report by the Digital Shadows Photon Research Team examines EndGame, a newly launched DDoS protection filter mechanism advertised on the dark web community forum Dread. Creating it required a combined effort from many parts of the dark web to solve an ongoing problem that has been slowly killing off the cybercriminal scene one platform at a time.

In addition, the report looks at this new tool-set and its features, the team behind the tool, the impact it could have on the cybercriminal scene, and why DDoS attacks could ultimately become a thing of the past. For detailed findings, visit https://www.digitalshadows.com/blog-and-research/ddos-attacks-dark-web-endgame/

According to the report, on May 26, 2020, a Dread moderator announced the release of a DDoS protection filter mechanism called “EndGame” that would be free for the community. In a nutshell, "EndGame is a collation of tools designed to prevent DDoS attacks on the front end against both dark web services, and whoever else might be interested. The project appears to have been a long time in the making: Its co-creator mentioned it consists of 'thousands of lines of code using 8 open source projects, 6 open source NGINX modules, 6 open source libraries and MONTHS worth of work and testing'," says the report. 

While projects like this would typically be open source, EndGame’s contents are yet to be publicly released, notes the research team. The Dread moderator said that the tool’s creators didn’t want to delay the mechanism’s launch and so shared the tool freely with the Dread community to gauge opinion. They added that a GitHub project for the mechanism would be created when they “get the time.”

Although EndGame was first revealed on Dread, its launch announcement stated that it was a combined effort, with assistance coming from those affiliated with the dark web marketplaces White House Market, Big Blue Market, and Empire Market.

The Dread post announcing the project highlighted several of the tool-set’s purported features and advantages, including:

  • “A front system designed to protect the core application servers on an onion service in a safe and private way”
  • “Locally compiled and locally run (no trusted or middle party)”
  • “A combination of multiple different technologies working together in harmony”
  • “FREE FOR ALL TO USE!”
  • “Fully scripted and easily deploy-able (for mass scaling!) on blank Debian 10 systems”
  • “Full featured NGINX LUA script to filter packets and provide a captcha directly using the NGINX layer”
  • “Rate limiting via Tor’s V3 onion service circuit ID system with secondary rate limiting based on a testcookie like system”
  • “Easy Configuration for both local and remote (over Tor) front systems”
  • “Easily configurable and change-able to meet an onion service’s needs”

Initial reactions on Dread to the tool-set’s release have been mostly positive, with little negative feedback, notes the Photon Research Team.

If EndGame gains traction and suitably impresses users, "we may see increasing numbers of dark web marketplaces and forums implementing this protection mechanism. Significant effort is likely to have been spent on compiling this tool-set and its individual components to provide a complete front-end protection service. However, the threat of DDoS attacks and extortions will only persist if there are avenues of weakness that can be exploited. If platforms start introducing protection features that increase both the time and money an adversary must spend to compromise a victim’s service, the threat will likely decrease," notes the Photon Research Team. 

The collaborative effort to find a possible solution to an ongoing problem indicates the community’s intent to stop DDoS attacks against dark web services once and for all, they add. "While we cannot tell whether EndGame will eradicate DDoSing activities across the dark web community, a tool-set offering a number of features, customizations, and solutions moves the scene into a much better position than before," the team concludes. 

 
