Another day, and yet another proof of the appalling state of cybersecurity at the moment. Cybersecurity guru Brian Krebs of KrebsonSecurity, on Friday, lifted the curtains off the filthy booter service ‘vDOS’ that was being used as a front to co-ordinate distributed denial-of-service (DDoS) attacks to knock websites offline. It was recognized as one of the most popular attack platforms, but has since been knocked offline.
The vDOS service, which itself was operating illegaly, has been massively hacked revealing the data of thousands of clients who had used the service to launch more than 150,000 DDoS attacks on their targets. The vDOS database obtained by Krebs mentioned two young Israeli men as the masterminds of the attack, with support from several young American hackers.
The hack on vDOS was made possible by Kreb’s source who was investigating a vulnerability he discovered on a similar attack-for-hire service called PoodleStresser(another booster service, huh!). This allowed the source to download configuration data for its attack servers, and they pointed back to vDOS. Though the servers were hidden behind a Cloudfare firewall, the source exploited a major security hole in vDOS that helped him dump the service’s entire database of users and configuration files.
This helped him discover the real IPs of four server rented by the service in Bulgaria. The report also unearthed the fact that vDOS was probably responsible for majority of DDoS attacks that clogged up the Internet in the past years. And this service has helped the proprietors mint more than $600,000, all accepted through digital payment gateways PayPal or Bitcoin. The database received by Krebs reveals the enormity of the attack in just past four months and in the official blogpost he states,
And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic.
Wait, let that humongous sink in. 8 years of traffic in just four months! woah! Now, you should also know that the two Israeli teens, Yarden Bidani and Itay Huri were arrested yesterday as part of an FBI invetigation into their alleged connection with vDOS. They weren’t too careful about covering their tracks, states Krebs on his blog. The two teens were recognized due a technical support conversation that showed that they were indeed in Israel and went by the name of P1st a.k.a. P1st0, and AppleJ4ck.
In addition to this, the duo hosted their vDOS server connected to Huri, and that account was then linked to the phone number and e-mail id of the two. They have even worked together on a technical paper on ‘DDoS attacks’ and there was evidence of the existance of an old Facebook page with reference to AppleJ4ck, the psuedonym used to run the vDOS business.
The duo has been questioned and released for a bail amount of about $10,000 each. The authorities have seized their passports and the two have been placed under 10 days of house arrest. They have also been warned to keep away from using Internet or any other telecommunications device for over 30 days. It is still unclear if they’ll face extradition to the U.S for investigation or not.
Well, the Israeli duo has shown us how easy it is to run a paid ‘booter’ DDoS service. The event may have shook the bedrock for some other paid services, but they’re not expected to give up anytime soon. This can be proved by citing the example of Krebs himself, whose website came under a heavy and sustained denial-of-service attack after publishing the vDOS article.The attack which is still ongoing is sending a single message buried in each attack packet: “godiefaggot.” The website went offline for a brief time, but was saved by DDoS protection service Akamai.