5 ways hackers market their products and services

Hackers all over the internet today are slowly adapting to the changes in the attack marketplace. Many notorious DDoS groups like Lizard Squad, New World Hackers and others have already entered the DDoS as a Service business, monetizing their capabilities in peace-time by renting out their powerful stresser services. But it’s not just DDoS. It’s all attack services including application-based attacks. These marketed services are now allowing novice hackers with little know-how to launch attacks via affordable tools that are available on the Clearnet. This growth is healthy for any market but has forced vendors to take on more of a traditional marketing strategy.


Flashing banners, weekly promotions and customer service are all keystones to a successful marketing plan, but are now becoming cornerstones for attack vendors as well. Vendors that are selling attack services are using modern marketing techniques but they are also using multiple platforms to market their goods and services, just like a large firm would do. Often times you can find the hackers selling or marketing discounts for their services on Twitter, Facebook and other social media platforms. Social media is an important platform for the attackers since this is the first place the media and spectators will look when a large service goes offline.


Hackers are also utilizing marketplaces and forums on the Darknet to market their services. The Darknet not only provides a layer of anonymity but also acts as a barrier, preventing the normal population from seeing specific deals and services being offered on these forums. Hackers will also privately sell services and other goods to trusted individuals via private chat.

Below are 5 techniques hackers use to market their services:

Stunt hacking – Large groups like OutMine, Lizard Squad and New World Hackers will engage in what is considered stunt hacking in an attempt to market their group’s services. When Lizard Squad used their attack tool to take out XBOX of PSN, other attackers noticed and wanted access to the same power behind the group attack tool.

[You might also like: The Rise of Booter and Stresser Services]

Social media – Hackers will use social media to advertise and offer discounts for their attack services. Many times you will find a group committing a stunt hack and relying on their social media presence for marketing purposes following an attack. Whenever a major group claims responsibility for an attack, hundreds of thousands of curious visitors will go to their page. If the page contains a link to their services, it can result in paid subscriptions.

Forums – Attack services are openly advertised on websites like HackForums. Vendors usually post a detailed write-up about their services and offer vouch copies to help build a great customer service rating.

Private offerings – Underground hackers like to stay underground. Some do not have a social presence nor do they have a website that they market their services on. Some hackers are only available via PGP or XXMP encrypted communication. Once in contact with these vendors you can negotiate wholesale prices and receive sample databases for proof.

Customer Service – Just like any other service, the attack marketplace requires comments and reviews to sooth a client into making a purchase. Sending a large amount of money to an attack service vendor with no comments, reviews or feedback can be problematic. Today on most vendor websites, forums and marketplaces you can find a comment section filled with reviews from actual customers who have purchased the listed service.

As the attack marketplaces continue to grow, so will the number of vendors adapting to the changes in their environment. This growth in competition will result in more public advertisement of attack services. Vendors need to reach a wider audience to support the monetization of their capabilities. In order for these vendors to reach those that are willing to pay, they will need to become more proficient at marketing. If a gap develops in the vendor’s ability to market their services, they will need to seek out someone who could assist them. From this we could see the development of an advertising service just for attack services or we could even see attack sponsorship.


Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center