Two Israeli hackers, Itay Huri and Yarden Bidany, were arrested last Thursday, according to police, in response to an FBI request. The two were remanded to house arrest under constant supervision on Friday, and their passports were confiscated. Brian Krebs, who blogs on cyber security, reported on Friday that the two Israelis are behind a service that brought in an estimated $600,000 in two years for selling customers denial-of-service (DDoS) attacks that knock websites offline. According to Krebs, the hackers have been themselves hacked “massively,” revealing the identities of thousands of paying customers and the websites they wanted to target.
Krebs says the attack website, named vDOS (the URL is marked as risky by most browsers), was “responsible for a majority of the DDoS attacks clogging up the Internet over the past few years,” as the two hackers were selling their services for between $20 and $200 a pop, depending on the duration of the attacks. It appears that in the four months between April and July 2016, “vDOS was responsible for launching more than 277 million seconds of attack time,” or just under 9 years of denial of service packed into 120 days.
According to Krebs, “vDOS had a reputation on cybercrime forums for prompt and helpful customer service,” which is why its leaked databases “offer a fascinating glimpse into the logistical challenges associated with running a criminal attack service online that supports tens of thousands of paying customers — a significant portion of whom are all trying to use the service simultaneously.”
Itai Huri recently co-authored an article published by an Israeli cyber security website named Digital Whisper, discussing ways to initiate large scale DDoS attacks using limited computing power. Huri’s bio under the article reads: Itai Huri is 18 and about to be enlisted in the IDF. He spends his free time in web development and data security.”