Alleged Operators of DDoS Service Arrested in Israel

Two Israeli nationals suspected of operating a highly profitable DDoS service were arrested last week in Israel following an investigation conducted by the U.S. Federal Bureau of Investigation (FBI).

Security blogger Brian Krebs reported on Thursday that the operators of a so-called booter service named vDOS had earned more than $600,000 in the past two years by launching 150,000 distributed denial-of-service (DDoS) attacks on behalf of their customers.

vDOS, whose DDoS services can be rented for between $20 and $200 per month, is believed to have been around since 2012. The service’s profits were at one time laundered through PayPal, until its operators switched to Bitcoin payments.

Krebs investigated the service and its operators after someone hacked vDOS and gained access to its databases, configuration files, and real IP addresses. Evidence uncovered by the journalist showed that two Israeli nationals named Itay Huri and Yarden Bidani were likely behind the booter.

Roughly coinciding with Krebs’ report, Israeli news websites announced that Huri and Bidani, both aged 18, had been arrested. The suspects were taken into custody on Thursday, after Israeli police was informed of their activities by the FBI.

On Friday, Krebs’ website was targeted in a DDoS attack that peaked at nearly 140 Gbps. It’s possible that the attack was conducted via vDOS by Huri and Bidani since both suspects were bailed on Friday.

Authorities seized their passwords and placed them on house arrest for 10 days. They have also been banned from using the Internet and any telecom equipment for 30 days.

Huri and Bidani, who are said to have used the aliases P1st and AppleJ4ck, don’t appear to have put too much effort into protecting their real identities, or to hide their interest for DDoS attacks. The two recently published a technical paper on DDoS attacks on the website of Israeli company Digital Whisper. Furthermore, Bidani’s personal Twitter profile lists vDOS as his website and shows a tweet about the Pentagon’s site being down due to a DDoS attack in March 2015.

The vDOS website, hosted at vdos-s.com, is currently offline. Krebs has learned that a security firm called BackConnect Security hijacked its Internet addresses in an effort to stop an attack aimed at its networks.

Related Reading: Two Men Arrested in U.S. for Hacking Emails of Top Officials

Related Reading: Nigerian Behind $60 Million Online Fraud Network Arrested