Busted: Israeli Teens Behind DDoS-For-Hire Service That Made $600,000
Israeli police arrested two men alleged to be the co-owners of an attack-for-hire service, according to KrebsOnSecurity. The pair was arrested around the same time that KrebsOnSecurity published an earlier story naming them as the masterminds behind a service called vDOS that can be hired to knock Web sites offline with powerful blasts of junk data.
vDOS, a “booter” service, earned more than $600,000 over the last two years helping customers coordinate more than 150,000 distributed denial-of-service (DDoS) attacks to knock websites offline, according to Krebs. vDOS was itself recently hacked, exposing information about tens of thousands of customers and their targets.
Service Sold On Underground Forums
The operators of vDOS were young Israeli hackers going by the names AppleJ4ck and P1st (a.k.a. P1st0), Krebs reported. The pair marketed their service primarily on hacker forums, offering monthly subscriptions from $20 to $200. AppleJ4ck used the same nickname on Hackforums, while P1st used “M30w.”
Police arrested Yarden Bidani and Itay Huri, both 18, in connection with an FBI investigation, according to the Israeli news site TheMarker.com.
The men were reportedly released Friday after questioning, on bond equivalent to about US$10,000 each. Israeli police also seized their passports, placed them under house arrest for 10 days, and prohibited them from using the Internet or telecommunications equipment for 30 days.
Krebs obtained a copy of the hacked database.
Krebs Suffers DDoS Attack
Krebs suffered a sustained DDoS attack for most of Friday, which peaked at nearly 140 Gbps. A message buried in each attack packet read: “godiefaggot.” The site was inoperable for a brief period, but it is guarded by Prolexic/Akamai DDoS protection. The attacks continue.
The men were fairly open about their activities, according to Krebs. Yarden’s Facebook page, now abandoned, contained messages that refer to him by his hacker nickname “AppleJ4ck” and discuss DDoS activities.
vDOS’s customer support system was programmed to send a text message to Huri’s phone number, the same number listed in the website registration records for the domain v-email, which the proprietors used to manage the site.
Attackers Wrote About DDoS
The two men authored a technical paper on DDoS attack methods in the Israeli security e-zine Digital Whisper in August. Huri signed his real name. Bidani co-authored the paper under “[email protected],” an email address assigned to one of the vDOS administrators.
vDOS went offline on Friday. Before going offline, the site was supported by at least four servers hosted in Bulgaria at a provider called Verdina.net.
Attackers Suffer Counterattack
According to automated Twitter feeds that track suspicious changes to the global Internet routing tables, sometime in the last 24 hours, vDOS fell victim to a BGP hijack.
In a BGP hijack, one ISP fraudulently announces to all other ISPs that it is the rightful custodian of some Internet addresses it has no right to control, so traffic for those addresses is routed to the hijacker instead. It is a type of hack usually associated with spamming.
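The automated feeds mentioned above work by comparing each newly observed route announcement against the origin that is known to be legitimate for that prefix. The following is an added example, not code from the article or from any of the feeds it refers to, of that origin-validation check. It goes slightly beyond the single case in the text by also flagging the more-specific-prefix variant, in which a hijacker announces a smaller block carved out of a legitimate one, and announcements that are more specific than the owner permits. All ASNs, prefixes, and announcements are constructed sample data.

```python
"""Minimal BGP origin-hijack detector (added example with constructed data)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: str       # announced prefix, e.g. "203.0.113.0/24"
    origin_asn: int   # last AS in the AS_PATH (the claimed origin)
    seen_by: str      # collector / route-view that observed the update


# Expected origins, shaped like RPKI ROAs: prefix -> (authorized ASN, maxLength).
# Constructed sample data; documentation prefixes and private ASNs only.
EXPECTED = {
    "203.0.113.0/24": (64500, 24),
    "198.51.100.0/22": (64501, 24),
}


def classify(ann: Announcement, expected=EXPECTED) -> str:
    """Classify one announcement against the expected-origin table.

    Returns one of:
      'valid'                - covered prefix, authorized origin, allowed length
      'unknown'              - no authorization covers this prefix
      'origin_mismatch'      - exact authorized prefix announced by another AS
      'more_specific_hijack' - sub-prefix of an authorized block, other AS
      'too_specific'         - right AS, but longer than maxLength allows
    """
    net = ipaddress.ip_network(ann.prefix, strict=True)
    covering = []
    for p, (asn, maxlen) in expected.items():
        auth = ipaddress.ip_network(p)
        # subnet_of() raises on mixed IP versions, so check version first
        if net.version == auth.version and net.subnet_of(auth):
            covering.append((auth, asn, maxlen))
    if not covering:
        return "unknown"
    # The most specific covering authorization decides, as with ROAs.
    auth, asn, maxlen = max(covering, key=lambda c: c[0].prefixlen)
    if ann.origin_asn != asn:
        if net.prefixlen > auth.prefixlen:
            return "more_specific_hijack"
        return "origin_mismatch"
    if net.prefixlen > maxlen:
        return "too_specific"
    return "valid"


def find_hijacks(announcements, expected=EXPECTED):
    """Return (announcement, verdict) pairs that warrant an alert."""
    alerts = []
    for ann in announcements:
        verdict = classify(ann, expected)
        if verdict not in ("valid", "unknown"):
            alerts.append((ann, verdict))
    return alerts


if __name__ == "__main__":
    # Constructed stream of observed updates: one legitimate, one exact-prefix
    # hijack from a foreign AS, one more-specific hijack, one unrelated prefix.
    stream = [
        Announcement("203.0.113.0/24", 64500, "rv-sample-1"),
        Announcement("203.0.113.0/24", 64666, "rv-sample-1"),
        Announcement("198.51.100.0/24", 64666, "rv-sample-2"),
        Announcement("192.0.2.0/24", 64500, "rv-sample-1"),
    ]
    for ann, verdict in find_hijacks(stream):
        print(f"ALERT {verdict}: {ann.prefix} originated by AS{ann.origin_asn} "
              f"(seen by {ann.seen_by})")
```

In production the expected-origin table would come from RPKI ROAs or a maintained allow-list and the announcement stream from a route collector; the check itself is the same. Note that an 'unknown' prefix is not an alert: a feed that fires on every unregistered prefix drowns the genuine hijacks in noise.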
According to Twitter feeds, a firm called BackConnect Security hijacked the vDOS Internet addresses.
Bryant Townsend, founder and CEO of BackConnect Security, confirmed his company hijacked Verdina/vDOS’s Internet address space. He said his company took the measure to escape an attack launched Thursday, and that the company got an email from vDOS taking credit for the attack.
Townsend said attacks of more than 200 Gbps struck for about six hours. He said the company took over the address space to get the attacks to stop, to gather information about the botnet being used, and to report it to authorities.
vDOS has been in operation since September 2012, so the recent attacks are likely only a small subset of what this DDoS-for-hire service has launched.