posted by janrinok on Monday September 12 2016, @04:55PM
from the black-hats-white-hats dept.

After Brian Krebs exposed a DDoS-for-hire service disguised as "stress testing", a denial-of-service attack was launched against his website. Now, the two alleged operators of the service have been arrested:

Krebs describes vDos as a DDoS-for-Hire service that offered paid accounts to users who wanted to launch DDoS attacks on their targets or developers who planned to build DDoS services (stressers) of their own. The investigator provided the vDos database to Krebs, who discovered that, in the last two years, vDos customers launched over 150,000 DDoS attacks that totaled more than 277 million seconds of attack time. The database also contained payment records. Krebs discovered that the site's two operators made $618,000 only in the last two years, based on financial records dating back to 2014. vDos launched in 2012, so it might be accurate to say that its creators have made over $1 million since its creation.

The investigator also told Krebs that vDos was hosted on servers in Bulgaria, but its two creators were from Israel, as revealed by support tickets. The site's two creators had banned the ability to launch DDoS attacks against Israeli IPs so that it would not cause problems with local authorities.

[...] Soon after the article went live and users started sharing it on social media, Reddit, Slashdot, and HackerNews, a DDoS attack hit Krebs' website. According to Krebs, the attack was initially small, only 20 Gbps, but more than enough to bring down his website. In reality, 1 Gbps is more than enough to bring down most web servers. This initial attack later turned into a 128 Gbps attack. [...] UPDATE: Minutes after publishing this story, reports came in that Israeli law enforcement arrested the two alleged vDos owners named in the Krebs report.

Also at The Register, which notes that the two men authored a paper about DDoS attacks signed with their real names, and that one of them had previously claimed to have attacked the Pentagon.



Related Stories

DDoS Against Brian Krebs Scores a Victory: KrebsOnSecurity is Offline 30 comments

Akamai kicked journalist Brian Krebs' site off its servers after he was hit by a 'record' cyberattack is how Business Insider describes the ongoing DDoS (Distributed Denial of Service Attack) against Brian Krebs (currently offline; google cache). This is notable as Akamai was able to mitigate the effect of the record scale attack but has decided to end their service relationship with Krebs. Victory has currently been handed to the attackers: if the goal is to get Krebs' website off the Internet it has succeeded regardless of the mechanism. Despite being deleted off the Internet Krebs does not fault Akamai.

The really interesting question is how long will it take for Krebs to return to operational status? Is there anyone else that will be willing to donate their mitigation services so Krebs can go back online? Is there any possible way he could afford to pay normal prices for mitigation services that could handle 600 gigabits per second of flooding? Exactly who do you have to piss off, how sophisticated do they need to be, and how long can they afford the risk involved with carrying out the attack? Free Speech for the Internet is going to be defined by how this plays out.

takyon: These cybercriminals are just going to get Krebs more attention and appearances in the mass media. Krebs expects his site to be back up later today. Also, it is important to note that Akamai/Prolexic provided Krebs free service.

Previously: Brian Krebs DDoSed After Exposing vDos Operators; Israeli Authorities Hit Back With Arrests
Brian Krebs' Blog Hit by 665 Gbps DDoS Attack



DDoS Mitigation Firm Founder Admits to DDoS 2 comments

DDoS Mitigation Firm Founder Admits to DDoS:

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.

Those records showed that several email addresses tied to a domain registered by then 19-year-old Preston had been used to create a vDOS account that was active in attacking a large number of targets, including multiple assaults on networks belonging to the Free Software Foundation (FSF).

The 2016 story on BackConnect featured an interview with a former system administrator at FSF who said the nonprofit briefly considered working with BackConnect, and that the attacks started almost immediately after FSF told the company's owners they would need to look elsewhere for DDoS protection.

Perhaps having fun at the expense of the FSF was something of a meme that the accused and his associates seized upon, but it's interesting to note that the name of the FSF's founder — Richard Stallman — was used as a nickname by the co-author of Mirai, a potent malware strain that was created for the purposes of enslaving Internet of Things (IoT) devices for large-scale DDoS attacks.

Related:
DDoS Against Brian Krebs Scores a Victory: KrebsOnSecurity is Offline
Brian Krebs DDoSed After Exposing vDos Operators; Israeli Authorities Hit Back With Arrests



  • (Score: 1, Informative) by Anonymous Coward on Monday September 12 2016, @05:27PM (#400824)

    $618,000 for 150,000 attacks works out to $4.12 per attack, on average.

    • (Score: 1, Funny) by Anonymous Coward on Monday September 12 2016, @05:54PM (#400843)

      Volume discounts is where it's at! Just leverage the synergies of vertical scalability ... and profit!

    • (Score: 2) by EvilSS (1456) on Monday September 12 2016, @09:12PM (#400931)

      Yea this is one of the problems with DDOS attacks: they are dirt cheap. Hell even kids can afford to buy attacks against other online game players to knock them offline and out of a match. Happens all the time thanks to many console games using P2P instead of dedicated servers for multiplayer.

  • (Score: 0, Disagree) by Anonymous Coward on Monday September 12 2016, @05:28PM (#400825)

    ermmm, could one not finally use the internet for something good?

    it seems, that even in a complex digital technology tower reaching the cloudy heights that relies on so
    many parts of trust meshing together to keep working, that one doesn't use it for something better than waging war?

    obviously waging a "cyber war" is completely futile since per definition wars don't need trust or complex systems working together.
    rather wars need to function when everything breaks down or is unavailable.

    with the internet, a complex chain of trust starting with chip manufacturing, all other components, networks and its operators
    and last but not least, operating systems need to be trusted to make a working internet ... work.
    if only one, just one(!) part of the chain doesn't work and is sabotaged the whole thing breaks down. what a silly battlefield!

    so it is really really AMAZING that in a world where real names are required for domain name registration and outsourced
    hosting in a server farm/warehouse are the norm, that DOS attacks still exist.
    one has to assume that this is a "problem" that doesn't want to be solved because some powerful player require it to wage "war" (just in case).

    rather it would be so simple to add a field to the domain registration that states on how much bandwidth a domain is hosted on and this would activate a "ddos mitigation mechanism" if exceeded?
    of course this field would maybe have the capacity to be updated frequently, because after all a site might actually get more popular, thus attracting more traffic, over time ...
    this would be a useful "domain registration requirement" ...

    • (Score: 0) by Anonymous Coward on Monday September 12 2016, @05:38PM (#400832)

      I hope nobody takes your post seriously. The lack of punctuation, capitalization, and proper grammar probably puts off most, but there are a few starry-eyed youngsters who can look past that and I want them to understand that your characterization of cyber-war is so incomplete, inadequate, and flatly wrong that I can only assume you are deliberately trying to dumb down the public discourse over these issues at the behest of what is probably an underground criminal or communist detachment of cyber warriors, possibly under the influence of government-supplied psychedelic compounds.

      • (Score: 3, Touché) by aristarchus (2645) on Monday September 12 2016, @07:53PM (#400899)

        Not to mention all the run-on sentences. I said, don't mention them!

      • (Score: 0) by Anonymous Coward on Tuesday September 13 2016, @03:02PM (#401328)

        there's no "cyber war".
        if it would start, the internet would wink out in 2 seconds.
        like i said, the internet is super complex, fickle and is build on trust. it is not suitable for war waging.
        if you want to use "cyber" with something, you can use it as "cyber vandalism", "cyber extortion" or "cyber brainwashing".

        "cyber war" was "invented" by american military to get MEOR access (and funds?) and using the word "war" made it really really scary (circa ~1996).

        for example, the internet depends on stable, constant electricity supply and well behaved backhoes and ship anchors.
        having everything "concentrated" in server-farm ware houses doesn't really bode well for all the airplanes on
        pearl harbour bunched together to make sabotage easier to spot and then you tomahawk-rocket the nearest electricity distribution yard or
        some central baghdad electricity power plant and the poor country still hasn't fully recovered from the well-destroyed power-grid.

        see you next hurricane, internet! cheers!

        the term "cyber war" is so bad i don't want even use correct English to tell you have stupid it is but it makes a nice fractal:
        stupid english to describe a stupid term ^_^

    • (Score: 0) by Anonymous Coward on Monday September 12 2016, @09:51PM (#400958)

      Like porn?

    • (Score: 2) by butthurt (6141) on Monday September 12 2016, @11:50PM (#401021)

      Wikipedia has an article about computer-centric warfare, which lists several examples of its use.

      https://en.wikipedia.org/wiki/Cyberwarfare [wikipedia.org]

      Some famous incidents that are often perceived as "cyberwar":
      https://en.wikipedia.org/wiki/Sony_hack [wikipedia.org]
      https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia [wikipedia.org]
      https://en.wikipedia.org/wiki/Stuxnet [wikipedia.org]

  • (Score: 5, Funny) by halcyon1234 (1082) on Monday September 12 2016, @08:54PM (#400920)

    I'd like to applaud the fine fellows at vDos for doing an excellent job of being complete morons.

    Idiot 1: "We're doing an amazing job at bilking people who don't know any better. Who should our next target be?"

    Idiot 2: "How about one of the best and most high-profile security researchers who has built a career out of taking down operations like ours?"

    Idiot 1: "Brillant!"

    Suddenly: JAIL
    --
    Original Submission [thedailywtf.com]
    • (Score: 3, Funny) by Anonymous Coward on Monday September 12 2016, @09:18PM (#400939)

      In their defense they never stood a chance with names like 'Idiot 1' and 'Idiot 2'. Their parents should have seen this coming.

    • (Score: -1, Flamebait) by Anonymous Coward on Monday September 12 2016, @11:52PM (#401022)

      They are jews, and so are cunning to the core. They setup their system so it will not attack ip addresses inside their country. Quite cunning.

      Intelligent... not so much.

      Its almost always the less intelligent who are criminals. These two are definitely of less mental capacity. And on top of that, they are also jews.

      And it will be no jail time for them. Israel was founded so that jews who are found out robbing and plundering the world can go hide there until the world forgets their crimes.

    • (Score: 2) by takyon (881) <takyonNO@SPAMsoylentnews.org> on Tuesday September 13 2016, @01:23AM (#401048)

      I'm not really sure that their final DDoS was what led to their arrests. Probably the sudden publicity/exposure sparked by Krebs was to blame. Hell, I can't even attribute that DDoS to them.

      but they fucked now.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 0) by Anonymous Coward on Tuesday September 13 2016, @01:59AM (#401067)

    too bad this is an english forum, so most of the vocabulary that adequately describes this cannot be used, cos its in russian.

    mistakes were made... They

    1) fucked with someone who had better standing with violence-dispensing people than they had
    2) failed to conceal the real site's location through a changing redirect maze, tunnels and packet rewriting.
    3) did not make themselves useful to local authorities, so authorities had no reason to protect them (place a roof over their heads so they don't get wet ^_^)
    4) NAMES, why?!!
    5) the veneer of legitimacy, they thought it might work?!
    6) the pentagram? whyyy would you attack the pentagram, lol. what possible profit can that generate
    7) they didn't even try to bribe or talk some sense into Krebs?

    Imo, one shouldn't fuck with wide-known security researchers, and expect everything to continue as usual.

  • (Score: 0) by Anonymous Coward on Tuesday September 13 2016, @03:21AM (#401103)

    Europe thinks it has Muslim problem? Nothing compared to Israel's Russian problem.

    • (Score: 0) by Anonymous Coward on Tuesday September 13 2016, @10:41AM (#401234)

      I don't see many Israeli nightclubs being blown up by Russians.

      • (Score: 0) by Anonymous Coward on Tuesday September 13 2016, @11:08AM (#401246)

        They get the Palestinians to do it for them.