Fake adverts could be used to “remote control” internet browsers on a massive scale – allowing for cheap DDoS attacks, where millions of unwitting web users “attack” target sites.
“We did not hack anybody; we used the way the Web works and brought down our own server,” said Johansen, in an interview with MIT’s Technology Review.“We’re just loading images as quickly as possible.”
Johansen said such attacks are cheap, and easily scalable. At current prices – 50c per 1,000 views, according to Johansen – a million browsers can be “bought” for just $500. “It’s really not that much money to do real damage to real sites on the internet,” he says.
Johansen and his colleagues aim to move on to using such adverts to farm out the job of cracking encrypted passwords stolen in data breaches. Johansen says that getting such code in an advert would be “easy”.
Author Rob Waugh /Rob Waugh, WeLiveSecurity/
Author Rob Waugh, We Live Security