An FBI investigation assisted Israeli law enforcement in the arrest of two Israeli teens suspected to be behind vDOS, which is a paid online service that is said to have perpetrated a majority of the distributed denial of service, or DDoS, attacks over the past few years.
DDoS attacks flood the resources or bandwidth of a targeted website or system with traffic, with the aim of making the target unavailable. A recent example is the attack launched by hacking group PoodleCorp against Blizzard's Battle.net, including servers for Overwatch and World of Warcraft.
Customers who wished to hire the services of vDOS were presented various subscription options, with prices depending on how long the DDoS attack will be requested to last.
According to security blogger Brian Krebs, vDOS has helped customers launch over 150,000 DDoS attacks, with the platform having earned over $618,000 since July 2014. It was also said that vDOS was behind the launch of over 277 million seconds of attack time between April and July this month, which is equivalent to about 8.81 years of traffic.
It should also be noted that the $618,000 earnings figure for vDOS is a conservative amount, as the service dates back to as early as September 2012. However, payment records are unavailable for services carried out before 2014. As such, Krebs wrote that vDOS has likely earned over $1 million over its lifetime.
The two teens, Yarden Bidani and Itay Huri, were arrested because of carelessness. The duo hosted vDOS in a server that is connected to Huri, with the e-mail and SMS notifications of the platform linked to the two teens.
Bidani and Huri even wrote a technical paper focus on DDoS attacks, and the old Facebook page of Bidani had a reference to the AppleJ4ck pseudonym that he uses when conducting business for vDOS. Lastly, vDOS did not accept requests to target Israeli websites because it was in the service's home country.
The two teens are out on bail, but officials have placed both of them under a 10-day house arrest. Their passports have also been confiscated, with no access to telecommunication devices for 30 days.
The arrest of Bidani and Huri and the takedown of vDOS will not stop the propagation of paid DDoS attacks. As the two teens showed, launching such a platform only needs a botnet and some basic skills in business.
However, with the FBI showing teeth in catching such paid services, DDoS providers might want to rethink their activities, especially if they have been careless in covering their tracks.