Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Databases Security Software United States News Technology

Israeli DDoS Provider 'vDOS' Earned $600,000 In Two Years (krebsonsecurity.com) 74

pdclarry writes: Brian Krebs writes that he has obtained the hacked database of an Israeli company that is responsible for most of the large-scale DDoS attacks over the past (at least) 4 years. The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principle owners and masterminds of the attack service, with support services coming from several young hackers in the United States. Records before 2012 were not in the dump, but Krebs believes that the service has actually been operating for decades. The report starts by saying, "vDos -- a so-called 'booter' service has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock websites offline -- has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets." In regard to how long the service has been operating, Krebs believes the service has been operating for decades "because the data leaked in the hack of vDOS suggests that the proprietors erased all digital records of attacks that customers launched between Sept. 2012 (when the service first came online) and the end of March 2016."
This discussion has been archived. No new comments can be posted.

Israeli DDoS Provider 'vDOS' Earned $600,000 In Two Years

Comments Filter:
  • Inaccurate summary (Score:2, Insightful)

    by Anonymous Coward

    The article does not claim to prove the offending service has been in operation for decades. Instead it, says this:

    Although I can’t prove it yet, it seems likely that vDOS is responsible for several decades worth of DDoS years. That’s because the data leaked in the hack of vDOS suggest that the proprietors erased all digital records of attacks that customers launched between Sept. 2012 (when the service first came online) and the end of March 2016.

    Krebs is using "DDoS year" metric to describe the scale of traffic involved. -PCP

  • by Walking The Walk ( 1003312 ) on Friday September 09, 2016 @07:28AM (#52853647)

    The summary isn't great, it seems to contradict itself a couple of times. If the site "erased all digital records of attacks that customers launched between Sept. 2012 ... and the end of March 2016", then how do you have data for "the past two years"? I skimmed the whole article and didn't find an answer to that one, my best guess is that they meant the attack data itself was erased, but the service requests, chat logs, etc that Krebs references were not erased.

    Regarding the "operating for decades" vs "Sept. 2012 (when the service first came online)", it's because Krebs is writing about the aggregate amount of time wasted by the DDoS. He calls it "DDoS seconds" which he then rolls up to years. He is not suggesting the service has been operating for decades, but rather that in the past 5 years the service has caused the equivalent of decades worth of service disruption. (So if 30 hosts are disrupted for 2 hour, that's 60 hours of downtime total, or "DDoS 2.5 days", even though the DDoS attacks only lasted 2 hours and ran in parallel.)

    The most interesting part of the article is that subscribing to the DDoS service was only $30/month. That sounds cheaper than paying for DDoS protection/mitigation services, and makes me wonder if vDOS will change their service into a protection racket (pay us to be on our "protected" list so other members can't DDoS you.)

    • by mwvdlee ( 775178 )

      I think the "operating for decades" refers to the people and their DDoS activities and "sept. 2012" refers to the specific website they use to offer those activities.

    • by Anonymous Coward on Friday September 09, 2016 @10:14AM (#52854537)
      Posting anonymously because my company is currently the target of such an attack and I don't our adversary information. The cost to defend against someone using their paid ($30/month) service would be around $6000/month from Akamai. If we were a website-only service, the cost would be much lower ($200/month) from Cloudflare.
  • Good work, you know how to right it wrong.

    And I didn't know 5 years were enough to count as "decades".

    • And I didn't know 5 years were enough to count as "decades".

      Sure enough, it's 0.5 decades.
      I'll go jog a few femtoparsecs today.

  • by Anonymous Coward on Friday September 09, 2016 @08:08AM (#52853787)

    “The DDoS-for-hire service is hidden behind DDoS protection firm Cloudflare”

    Nuff said.

  • This is not pedantry.

  • by Anonymous Coward

    Now that these guys are exposed as living in a country supposedly with laws, what will happen to them.

    They didn't steal or break any major infrastructure, but they did cause quite a bit of mayhem.

    Perhaps a bit of computer timeout to provide time to think and retrain for something productive.

    • by Sun ( 104778 )

      Assuming a complaint was filed with the Israeli police, and the evidence is strong (both assumptions are far from trivial), most likely outcome is that they go to jail for a few years.

      That's assuming there is no extradition request from another country.

      Shachar

    • Well if the logs show that any US companies have been affected, I expect a couple of extradition warrants to follow soon after.

  • Some have hoped these guys will now get prosecuted in Israel. Doubtful. More likely, they will be joining a shadowy IDF unit, probably with a bump-up in pay (they didn't target their fellow chosen citizens, so no problem).
  • by tsu doh nimh ( 609154 ) on Friday September 09, 2016 @08:24AM (#52853839)
    The summary is wrong. The author didn't say the service has been operating for decades. It said its likely to have been responsible for several decades' worth of attacks, which this service measured in seconds. Since the service allows many concurrent attacks, Krebs said that in four months time the site was responsible for 8 years ("DDoS years) worth of attacks.
  • For a company! The average /.er must be over half of that, >$150K/annum.

  • Huh, $300K/year for a high-profile startup? That's not very much.
  • So we have the names, we know what they did and where they live. There is a money trail, so when are they extradited to the US?

There are no games on this system.

Working...