SoylentNews

takyon writes:

After Brian Krebs exposed a DDoS-for-hire service disguised as "stress testing", a denial-of-service attack was launched against his website. Now, the two alleged operators of the service have been arrested:

Krebs describes vDos as a DDoS-for-Hire service that offered paid accounts to users who wanted to launch DDoS attacks on their targets or developers who planned to build DDoS services (stressers) of their own. The investigator provided the vDos database to Krebs, who discovered that, in the last two years, vDos customers launched over 150,000 DDoS attacks that totaled more than 277 million seconds of attack time. The database also contained payment records. Krebs discovered that the site's two operators made $618,000 only in the last two years, based on financial records dating back to 2014. vDos launched in 2012, so it might be accurate to say that its creators have made over $1 million since its creation.

The investigator also told Krebs that vDos was hosted on servers in Bulgaria, but its two creators were from Israel, as revealed by support tickets. The site's two creators had banned the ability to launch DDoS attacks against Israeli IPs so that it would not cause problems with local authorities.

[...] Soon after the article went live and users started sharing it on social media, Reddit, Slashdot, and HackerNews, a DDoS attack hit Krebs' website. According to Krebs, the attack was initially small, only 20 Gbps, but more than enough to bring down his website. In reality, 1 Gbps is more than enough to bring down most web servers. This initial attack later turned into a 128 Gbps attack. [...] UPDATE: Minutes after publishing this story, reports came in that Israeli law enforcement arrested the two alleged vDos owners named in the Krebs report.

Also at The Register, which notes that the two men authored a paper about DDoS attacks signed with their real names, and that one of them had previously claimed to have attacked the Pentagon.

Original Submission