Security writer Brian Krebs reported Saturday that Israeli authorities have arrested two Israeli teens in connection with an online attack-for-hire service he profiled earlier last week.
In operation since 2012, the vDOS “booter” service has earned more than $600,000 over the past two years by helping customers coordinate distributed denial-of-service (DDoS) attacks on Web sites around the world, according to a database that was exposed after the business was hacked. A booter service offered by cybercriminals provides paying customers with DDoS attack capabilities on demand.
Over the weekend, news publications TheMarker.com and Haaretz reported that Israeli authorities arrested Itay Huri and Yarden Bidani, both 18, in connection with the activities of vDOS. Police in Israel were alerted to the activities of the teens by the Federal Bureau of Investigation, according to the publications.
In a post on his KrebsOnSecurity Web site Thursday, Krebs revealed details about vDOS’ operations that were exposed after the business was “massively hacked” earlier this year. He said the hacked vDOS database, which he obtained at the end of July, showed the service had helped launch more than 150,000 DDoS attacks over the past two years.
Nearly 9 Years of Attack Traffic in 4 Months
“To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement,” Krebs said in his post. “[I]n just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic.”
Krebs’ profile of the service featured a screenshot of vDOS’ home page showing that the company offered packages ranging from $19.99 to $199.99 per month. Services were priced according to how long, in seconds, each DDoS attack lasted.
A DDoS attack involves “an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources,” according to Digital Attack Map, a collaboration between Google Ideas and Arbor Networks that tracks DDoS incidents. Targets for such attacks often include critical sites such as banking and news services.
The massive number of attacks enabled by vDOS during just four months this year was possible because the business handled “hundreds — if not thousands — of concurrent attacks on any given day,” Krebs noted.
Payments via Bitcoin, PayPal
The teens accepted payments for vDOS’ services in bitcoins and also used “a round-robin chain of PayPal accounts” to launder payments, according to the Haaretz report of the arrests of Huri and Bidani.
Since the arrests, Huri and Bidani have both posted bonds of about $10,000 each and were released to supervised house arrest for 10 days, according to the Haaretz report. Both teens had to surrender their passports and are prohibited from using any form of telecommunication or the Internet for 30 days.
In a follow-up post to his vDOS profile, Krebs reported that for most of Friday his own Web site “came under a heavy and sustained denial of service attack which spiked at almost 140 Gbps.” Although his site uses DDoS protection, it continues to experience attacks, he added.
Since Friday, vDOS’ Web site has gone offline, Krebs said. Prior to that, its operations had been supported by at least four servers in Bulgaria. While the hacked database showed payments to vDOS only since 2014, the business has most likely earned more than $1 million since 2012 and been responsible for “several decades worth of DDoS years,” Krebs said.
In the first six months of 2016, DDoS attacks have continued to grow in size and frequency, according to the latest attack data from Arbor Networks. The U.S., France and the U.K. are the top targets for attacks of over 10 Gbps, and the average attack size during the first half of this year has increased by 30 percent over 2015, the data shows.