Israeli DDoS Provider 'vDOS' Earned $600,000 In Two Years

pdclarry writes: Brian Krebs writes that he has obtained the hacked database of an Israeli company that is responsible for most of the large-scale DDoS attacks over the past (at least) 4 years. The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principle owners and masterminds of the attack service, with support services coming from several young hackers in the United States. Records before 2012 were not in the dump, but Krebs believes that the service has actually been operating for decades. The report starts by saying, "vDos -- a so-called 'booter' service has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock websites offline -- has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets." In regard to how long the service has been operating, Krebs believes the service has been operating for decades "because the data leaked in the hack of vDOS suggests that the proprietors erased all digital records of attacks that customers launched between Sept. 2012 (when the service first came online) and the end of March 2016."

Slashdot summary isn't great, it's "DDoS decades"

[Walking+The+Walk]

The summary isn't great, it seems to contradict itself a couple of times. If the site "erased all digital records of attacks that customers launched between Sept. 2012 ... and the end of March 2016", then how do you have data for "the past two years"? I skimmed the whole article and didn't find an answer to that one, my best guess is that they meant the attack data itself was erased, but the service requests, chat logs, etc that Krebs references were not erased.

Regarding the "operating for decades" vs "Sept. 2012 (when the service first came online)", it's because Krebs is writing about the aggregate amount of time wasted by the DDoS. He calls it "DDoS seconds" which he then rolls up to years. He is not suggesting the service has been operating for decades, but rather that in the past 5 years the service has caused the equivalent of decades worth of service disruption. (So if 30 hosts are disrupted for 2 hour, that's 60 hours of downtime total, or "DDoS 2.5 days", even though the DDoS attacks only lasted 2 hours and ran in parallel.)

The most interesting part of the article is that subscribing to the DDoS service was only $30/month. That sounds cheaper than paying for DDoS protection/mitigation services, and makes me wonder if vDOS will change their service into a protection racket (pay us to be on our "protected" list so other members can't DDoS you.)

Not operating for decades

[tsu+doh+nimh]

The summary is wrong. The author didn't say the service has been operating for decades. It said its likely to have been responsible for several decades' worth of attacks, which this service measured in seconds. Since the service allows many concurrent attacks, Krebs said that in four months time the site was responsible for 8 years ("DDoS years) worth of attacks.

Re:Slashdot summary isn't great, it's "DDoS decade

Posting anonymously because my company is currently the target of such an attack and I don't our adversary information. The cost to defend against someone using their paid ($30/month) service would be around $6000/month from Akamai. If we were a website-only service, the cost would be much lower ($200/month) from Cloudflare.