128 Gbps DDoS attack hits Brian Krebs' website

Sep 10, 2016 21:20 GMT

Brian Krebs, a former investigative journalist who worked for The Washington Post, and who now runs his own blog, has had his site under a barrage of DDoS attacks after exposing a DDoS-for-Hire business that made over $600,000 in the last two years.

The incident revolves around an article Krebs published on Thursday called "Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years."

In the article, Krebs describes how the PoodleCorp botnet hack, which we covered at the start of August, contained clues that led an anonymous investigator back to the vDos service.

This investigator managed to find a vulnerability in the vDos service and extract the site's database.

vDos is responsible for over 150,000 DDoS attacks

Krebs describes vDos as a DDoS-for-Hire service that offered paid accounts to users who wanted to launch DDoS attacks on their targets or developers who planned to build DDoS services (stressers) of their own.

The investigator provided the vDos database to Krebs, who discovered that, in the last two years, vDos customers launched over 150,000 DDoS attacks that totaled more than 277 million seconds of attack time.

The database also contained payment records. Krebs discovered that the site's two operators made $618,000 in the last two years alone, based on financial records dating back to 2014. vDos launched in 2012, so it might be accurate to say that its creators have made over $1 million since its creation.

vDos is the creation of two Israeli men

The investigator also told Krebs that vDos was hosted on servers in Bulgaria, but its two creators were from Israel, as revealed by support tickets. The site's two creators had banned the ability to launch DDoS attacks against Israeli IPs so that it would not cause problems with local authorities.

The site's two creators, nicknamed AppleJ4ck and P1st (or M30W), had registered a series of domains without masking their identity. Some of the emails, names, and phone numbers used to register these domains and receive phone alerts about support tickets led back to two Israeli citizens, Yarden Bidani and Itay Huri. You can find more in-depth details in Krebs' vDos report.

Soon after the article went live and users started sharing it on social media, Reddit, Slashdot, and HackerNews, a DDoS attack hit Krebs' website.

According to Krebs, the attack was initially small, only 20 Gbps, but more than enough to bring down his website. In reality, 1 Gbps is more than enough to bring down most web servers. This initial attack later turned into a 128 Gbps attack.

Earlier today, Krebs also tweeted that three sources confirmed to him that Israeli law enforcement had raided AppleJ4ck's home.

UPDATE: Minutes after publishing this story, reports came in that Israeli law enforcement arrested the two alleged vDos owners named in the Krebs report.