A ‘booter’ service designed to simplify DDoS attacks has been hacked and the details of its paying customers revealed, it has emerged.
Researcher Brian Krebs revealed the news in a blog post, claiming the vDOS tool had made its Israeli owners around $600,000 in two years.
During that time, the service has been prolific – accounting for the majority of DDoS attacks on the internet, he claimed.
“And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic,” Krebs continued.
“Let the enormity of that number sink in for a moment: That’s nearly nine of what I call “DDoS years” crammed into just four months. That kind of time compression is possible because vDOS handles hundreds — if not thousands — of concurrent attacks on any given day.”
In operation since 2012, vDOS was hacked via a vulnerability in another hacker tool called PoodleStresser. That allowed an individual to exploit a more serious hole in vDOS, which gave them access to related databases and config files, as well as the internet addresses of four servers in Bulgaria used by the DDoS-ers.
Ironically, vDOS itself is protected from DDoS attacks by Cloudflare.
It’s likely that the service has made a lot more money for its owners than $600,000 – as that is merely the figure for purchases made since 2014. As such, Krebs estimates vDOS has generated profits of around $1 million since its launch four years ago.
“Defenders of booter and stresser services argue the services are legal because they can be used to help website owners stress-test their own sites and to build better defenses against such attacks,” Krebs argued.
“While it’s impossible to tell what percentage of vDOS users actually were using the service to stress-test their own sites, the leaked vDOS logs show that a huge percentage of the attack targets are online businesses.”