Slashdot Mirror
Israeli DDoS Provider 'vDOS' Earned $600,000 In Two Years (krebsonsecurity.com)
pdclarry writes: Brian Krebs writes that he has obtained the hacked database of an Israeli company that is responsible for most of the large-scale DDoS attacks over the past (at least) 4 years. The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principle owners and masterminds of the attack service, with support services coming from several young hackers in the United States. Records before 2012 were not in the dump, but Krebs believes that the service has actually been operating for decades. The report starts by saying, "vDos -- a so-called 'booter' service has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock websites offline -- has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets." In regard to how long the service has been operating, Krebs believes the service has been operating for decades "because the data leaked in the hack of vDOS suggests that the proprietors erased all digital records of attacks that customers launched between Sept. 2012 (when the service first came online) and the end of March 2016."
Cool your jets there, skinhead. This is two out of 8 million people.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
The article does not claim to prove the offending service has been in operation for decades. Instead it, says this:
Although I can’t prove it yet, it seems likely that vDOS is responsible for several decades worth of DDoS years. That’s because the data leaked in the hack of vDOS suggest that the proprietors erased all digital records of attacks that customers launched between Sept. 2012 (when the service first came online) and the end of March 2016.
Krebs is using "DDoS year" metric to describe the scale of traffic involved. -PCP
Not to mention Israel's a multicultural society that includes Christians, Muslims, and lots of other folks.
Yeah. If I believed that Cinderella actually happened, I'd really hate people who didn't agree with me.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
The summary isn't great, it seems to contradict itself a couple of times. If the site "erased all digital records of attacks that customers launched between Sept. 2012 ... and the end of March 2016", then how do you have data for "the past two years"? I skimmed the whole article and didn't find an answer to that one, my best guess is that they meant the attack data itself was erased, but the service requests, chat logs, etc that Krebs references were not erased.
Regarding the "operating for decades" vs "Sept. 2012 (when the service first came online)", it's because Krebs is writing about the aggregate amount of time wasted by the DDoS. He calls it "DDoS seconds" which he then rolls up to years. He is not suggesting the service has been operating for decades, but rather that in the past 5 years the service has caused the equivalent of decades worth of service disruption. (So if 30 hosts are disrupted for 2 hour, that's 60 hours of downtime total, or "DDoS 2.5 days", even though the DDoS attacks only lasted 2 hours and ran in parallel.)
The most interesting part of the article is that subscribing to the DDoS service was only $30/month. That sounds cheaper than paying for DDoS protection/mitigation services, and makes me wonder if vDOS will change their service into a protection racket (pay us to be on our "protected" list so other members can't DDoS you.)
A recursive sig
Can impart wisdom and truth
Call proc signature()
I think the "operating for decades" refers to the people and their DDoS activities and "sept. 2012" refers to the specific website they use to offer those activities.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Sorry, my bad, you were right and the summary is truely that bad.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Good work, you know how to right it wrong.
And I didn't know 5 years were enough to count as "decades".
ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
“The DDoS-for-hire service is hidden behind DDoS protection firm Cloudflare”
Nuff said.
This is not pedantry.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Now that these guys are exposed as living in a country supposedly with laws, what will happen to them.
They didn't steal or break any major infrastructure, but they did cause quite a bit of mayhem.
Perhaps a bit of computer timeout to provide time to think and retrain for something productive.
Some have hoped these guys will now get prosecuted in Israel. Doubtful. More likely, they will be joining a shadowy IDF unit, probably with a bump-up in pay (they didn't target their fellow chosen citizens, so no problem).
The summary is wrong. The author didn't say the service has been operating for decades. It said its likely to have been responsible for several decades' worth of attacks, which this service measured in seconds. Since the service allows many concurrent attacks, Krebs said that in four months time the site was responsible for 8 years ("DDoS years) worth of attacks.
...because you never know who you're dealing with.
Two notes: #1 - Plenty of Arabs live in Israel. #2 - I wouldn't refer to certain US citizens as "the Puritan Christians" either, because even when it's not entirely wrong, it may be kind of misleading.
Including people who investigate and prosecute crimes of this kind.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
It's always helpful and constructive to look back thousands of years to find the reasons why your shitty racism is justified.
So, let's see how to distinguish between legitimate criticism and anti-semitism.
If someone says "Since they are in Israel, they won't get punished" (as some here did), that's criticism of Israel. It is incorrect criticism, devoid of any substantiation and relation to the truth, but it is a legitimate criticism. We can conduct a facts based discussion to sort out whether it is true or not.
If someone reflects from those two people to their entire nationality, not to mention entire religious group, with no bearing to any half reasonable reason to do so, that's racism.
You, dear frovingslosh, have made a racist comment as a first post, and got +4 insightful on it. Well done, Slashdot. Well done.
Shachar
And here's the truth.
Quick exert:
Shachar
Posting anonymously because my company is currently the target of such an attack and I don't our adversary information. The cost to defend against someone using their paid ($30/month) service would be around $6000/month from Akamai. If we were a website-only service, the cost would be much lower ($200/month) from Cloudflare.
For a company! The average /.er must be over half of that, >$150K/annum.
Fans of your renowned Hosts File Engine are in shock following this revelation of rabid anti-Semitism. They're speechless, I tell you!
Il n'y a pas de Planet B.
Huh, $300K/year for a high-profile startup? That's not very much.
So we have the names, we know what they did and where they live. There is a money trail, so when are they extradited to the US?
Don't fight for your country, if your country does not fight for you.
Whoever coined the "vDOS" name missed out on a great opportunity. It should have been DDoSaaS.
DUMBaasS naming scheme you got there. :-)
John
Still upset that your side LOST WW2?
*laughter*
Il n'y a pas de Planet B.
So, a Nazi objects to my sig. Sure, that's going to make me stop! Thank you, Adolf!
Go fuck your mother one more time. You obviously need at the friends you can get.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."