December 7, 2016

SLEDGEHAMMER - The Gamification of DDoS Attacks

Nicholas Griffin Security Researcher

What is Sledgehammer?

Operation Sledgehammer translated into Turkish is Balyoz Harekâtı, which was the name of a 2003 attempted military coup d'etat in Turkey. It’s also the name of a recent Distributed Denial of Service (DDoS) attack that targeted organizations with political affiliations that the attacker deems out of  line with Turkey’s current government. These organizations include the German Christian Democratic Party (CDU), The People’s Democratic Party of Turkey, the Armenian Genocide Archive and the Kurdistan Workers Party (PKK).

In our latest report, called Sledgehammer - The Gamification Of DDoS Attacks, we document the tools and attack methods used by a set of Turkish hackers. The name is derived from the name of a DDoS tool that we saw advertised on the underground forums. 

DDoS Attack Games for Hackers

Sledgehammer’s author runs a DDoS collaboration program named Sath-ı Müdafaa or “Surface Defense." Using a DDoS tool named Balyoz, hacking participants are asked to attack a limited set of political websites, but can also suggest new websites to add to the list of targets.

For every ten minutes spent attacking one of these websites, users receive points that can be traded in for rewards, such as a stand-alone version of the Sledgehammer DDoS tool and “click-fraud” bots used to generate revenue on pay-to-click (PTC) sites. There is even a live scoreboard so participants can see their point rank.

What is the Motivation of the Hackers?

Forcepoint Security Labs focus on enabling the awareness and understanding of intent. This is useful in order to identify likely future behaviour. The attacker initially attracts subscribers with the promise of participating in a collaborative DDoS system targeting websites of a political nature. “Click-fraud” bots add a monetization aspect to the system. A final twist in the tail was discovered when we uncovered a backdoor in the DDoS toolkit – the author is hacking the hackers. The motivations are varied but the implications are clear.

Who led this Research?

Forcepoint’s Special Investigations team is an elite group of threat researchers and incident response experts specializing in threats exhibiting unique tools, tactics and processes (TTPs). In the past year, highlights of the Special Investigations team’s work include discovering a new botnet campaign dubbed JAKU and cracking a persistent strain of ransomware known as Locky.

Download Link

The SLEDGEHAMMER whitepaper can be downloaded now:


We have an infographic for you also at:


About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.