Largest DDoS-For-Hire Service Admins Arrested and Charged in Israel

According to BleepingComputer, Israeli authorities recently charged two 19-year-olds for running the largest DDoS-for-hire service platform at the time it went down in autumn of last year, known as vDos. DDoS (Distributed Denial of Service) attacks essentially attempt to take an online service down by overwhelming it with traffic from multiple sources. They are so common that there is now an online Digital Attack Map which allows people to witness these attacks as they occur.

How vDos was taken down

vDos operated from 2012 to 2016, when it was taken down. Not a lot of people knew about its existence, but according to researchers, the service was responsible for most DDoS attacks occurring during that period. In the summer of 2016, a similar attack-for-hire service called PoddleStresser, run by the infamous DDoS hacking crew PoodleCorp, was hacked due to a vulnerability.

This allowed hackers and security professionals to dump data from the third-party botnet, which at the time was mostly being used to attack gaming servers. Clues from PoodleStresser’s code led to vDos’s API, and the data eventually ended up in the hands of Infosec investigative journalist Brian Krebs.

In September 2016, Krebs published an exposé on his blog in which he revealed everything. According to his post, vDos earned its administrators – Itay “p1st” Huri and Yarden “applej4ck” Bidani – over US$600,000 from thousands of clients. The article even mentioned that vDos’s administrators had laundered money received through PayPal with the help of various forum members.

A few hours after Krebs published his article, Israeli police acted on an FBI tip and took down vDos for good. After Bidani and Huri’s arrests, one of the biggest DDoS attacks the internet had ever seen –allegedly involving 665 GB of traffic per second– hit Krebs’ blog KrebsOnSecurity. The attacks originated from the DDoS-for-hire community and dissatisfied vDos customers.

Before being taken down, vDos offered a broad range of DDoS-for-hire services, including botnet rentals. Its package prices ranged from US$29.99 to US$199.99 per month, and multiple clients often used the service simultaneously. A mirror of the service’s website is available online.

Israeli authorities are pressing charges

Israeli officials are moving forward with the investigation of vDos’s administrators and have filed a formal indictment, according to the Israeli State Department Prosecutor’s Office. The suspects are not named, as they were minors when their service was up and running, but the provided statement confirms most of Krebs’s findings.

For example, it confirms that vDos operators made over US$600,000 from thousands of clients throughout the years, and that the service has ties to renowned DDoS hacking groups such as Lizard Squad and PoodleCorp.

Investigators say that over 2 million DDoS attacks were launched using vDos, and that its admins used a fake UK company to launder money that they had received via PayPal and in Bitcoin.