date 2021-01-20
from the breaking-down-[fire]walls-to-drum-up-business dept.
DDoS Mitigation Firm Founder Admits to DDoS:
KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.
Those records showed that several email addresses tied to a domain registered by then 19-year-old Preston had been used to create a vDOS account that was active in attacking a large number of targets, including multiple assaults on networks belonging to the Free Software Foundation (FSF).
The 2016 story on BackConnect featured an interview with a former system administrator at FSF who said the nonprofit briefly considered working with BackConnect, and that the attacks started almost immediately after FSF told the company's owners they would need to look elsewhere for DDoS protection.
Perhaps having fun at the expense of the FSF was something of a meme that the accused and his associates seized upon, but it's interesting to note that the name of the FSF's founder — Richard Stallman — was used as a nickname by the co-author of Mirai, a potent malware strain that was created for the purposes of enslaving Internet of Things (IoT) devices for large-scale DDoS attacks.
After Brian Krebs exposed a DDoS-for-hire service disguised as "stress testing", a denial-of-service attack was launched against his website. Now, the two alleged operators of the service have been arrested:
Krebs describes vDos as a DDoS-for-Hire service that offered paid accounts to users who wanted to launch DDoS attacks on their targets or developers who planned to build DDoS services (stressers) of their own. The investigator provided the vDos database to Krebs, who discovered that, in the last two years, vDos customers launched over 150,000 DDoS attacks that totaled more than 277 million seconds of attack time. The database also contained payment records. Krebs discovered that the site's two operators made $618,000 only in the last two years, based on financial records dating back to 2014. vDos launched in 2012, so it might be accurate to say that its creators have made over $1 million since its creation.
The investigator also told Krebs that vDos was hosted on servers in Bulgaria, but its two creators were from Israel, as revealed by support tickets. The site's two creators had banned the ability to launch DDoS attacks against Israeli IPs so that it would not cause problems with local authorities.
[...] Soon after the article went live and users started sharing it on social media, Reddit, Slashdot, and HackerNews, a DDoS attack hit Krebs' website. According to Krebs, the attack was initially small, only 20 Gbps, but more than enough to bring down his website. In reality, 1 Gbps is more than enough to bring down most web servers. This initial attack later turned into a 128 Gbps attack. [...] UPDATE: Minutes after publishing this story, reports came in that Israeli law enforcement arrested the two alleged vDos owners named in the Krebs report.
Also at The Register, which notes that the two men authored a paper about DDoS attacks signed with their real names, and that one of them had previously claimed to have attacked the Pentagon.
"Akamai kicked journalist Brian Krebs' site off its servers after he was hit by a 'record' cyberattack" is how Business Insider describes the ongoing DDoS (Distributed Denial of Service) attack against Brian Krebs (currently offline; Google cache). This is notable as Akamai was able to mitigate the effect of the record-scale attack but has decided to end their service relationship with Krebs. Victory has currently been handed to the attackers: if the goal is to get Krebs' website off the Internet, it has succeeded regardless of the mechanism. Despite being deleted off the Internet, Krebs does not fault Akamai.
The really interesting question is how long will it take for Krebs to return to operational status? Is there anyone else that will be willing to donate their mitigation services so Krebs can go back online? Is there any possible way he could afford to pay normal prices for mitigation services that could handle 600 gigabits per second of flooding? Exactly who do you have to piss off, how sophisticated do they need to be, and how long can they afford the risk involved with carrying out the attack? Free Speech for the Internet is going to be defined by how this plays out.
takyon: These cybercriminals are just going to get Krebs more attention and appearances in the mass media. Krebs expects his site to be back up later today. Also, it is important to note that Akamai/Prolexic provided Krebs free service.
