vDOS, one of the most disruptive attack-for-hire services on the internet, has been taken down and its alleged co-owners arrested following a “massive hack” on the site.
The hack revealed information about tens of thousands of vDOS customers who had paid the site for DDoS (Distributed Denial of Service) attacks, as well as the identities of its apparently careless teenage owners.
The two eighteen year olds, named by an Israeli news site as Itay Huri and Yarden Bidani, were arrested in Israel on Thursday and put under house arrest.
Denial of Service attacks are blunt instruments that work by overwhelming targets with so much traffic that nobody can reach them. They can be used to render competitor or enemy websites temporarily inoperable (for malice or lolz) and to extort site owners into paying for attacks to stop.
If hacking is picking the lock then DDoS attacks are boarding up the doors and windows from the outside.
They require little technical skill and achieve their ends by harnessing the horsepower provided by botnets, networks of tens of thousands of computers compromised by malware.
“Booter” or “stresser” sites, like vDOS, lower the technical barrier to entry even further by turning DDoS attacks into a for-pay service that’s available to anyone with a credit card or Paypal account.
And vDOS was surprisingly popular. According to Brian Krebs who had an inside track on the hack, the site earned in excess of $600,000 in the past two years from coordinating more than 150,000 attacks.
To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement.
Krebs also reveals that the hacker who opened up vDOS apparently gained entry by exploiting a gaping security hole that “allowed him to dump all of the service’s databases and configuration files”.
Criminal entrepreneurs they may have been but sysadmins, apparently, they were not.
The co-owners were also careless in the clues they left that could link them to the notorious booter:
- vDOS’s customer support system sent text message to Huri’s phone
- Huri’s phone number was on the registration records for a domain used to manage vDOS
- They revealed that their home country was Israel in support tickets to customers
- There were discussions about DDoS on Yarden’s abandoned (but not closed) Facebook page
- The pair authored a technical paper of DDoS attack methods
Yarden was also referred to by some of his Facebook friends as “AppleJ4ck”, a name that’s appeared in communications from the Lizard Squad, the grinches that ruined Christmas for millions in 2014 with a DDoS attack on Sony and Microsoft.
The alleged co-owners will have some explaining to do to the Israeli police, the FBI and tens of thousands of unhappy customers whose own details are now in the hands of law enforcement.