Two Israeli teenagers arrested over vDOS DDoS-for-hire service

google project zero publishes microsoft browser day bug hacker keyboard dark room
Updated on 9-12-2016 by Jonathan Keane: Israeli police arrest two teens for allegedly running the vDOS DDoS-for-hire service

Israeli news site Haaretz reports that the Israeli national police arrested two teenagers following a tip from the FBI. The two men, Huri and Yarden Bidani, (it has not been clarified if they are related) are under house arrest for 10 days at $10,000 bail. They were also ordered to hand over their passports and are barred from using the internet for 30 days. The vDOS website is now offline.

The vDOS operators are alleged to have carried out hundreds, if not thousands, of DDoS attacks on websites on behalf of customers, earning at least $600,000 in the last two years. However the site had a policy of never attacking Israeli sites to avoid drawing too much attention to itself at home.


A web service that helped customers carry out distributed denial-of-service (DDoS) attacks on unsuspecting victims has been hacked revealing data on the customers that availed of this clandestine service.

According to security journalist Brian Krebs, vDos was hacked recently and he obtained a copy of the leaked data in July. Upon scrutinizing the database, he claims that vDOS is being run by two Israeli cybercriminals under the pseudonyms of P1st or P1st0 and AppleJ4ck, with associates in the United States.

vDOS allegedly offered monthly subscriptions to DDoS attack services, paid in bitcoin or even through PayPal, with the prices based on how long the attack would last. These DDoS attacks would launch fake traffic at victim websites, overwhelming their servers and knocking the sites offline. A particularly strong DDoS attack could cripple a site for days.

“And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic,” Krebs said in his analysis. He added that he believes vDOS was handling hundreds or even thousands of concurrent attacks a day. Kreb’s analysis is based on data from April to July. Apparently all other attack data going back to the service’s founding in 2012 has been wiped away.

Krebs’ source for info on the hack was allegedly able to exploit a hole in vDOS that allowed him to access its database and configuration files. It also allowed him to source the route of the service’s DDoS attacks to four servers in Bulgaria.

Among the data dump were service complaint tickets where customers could file issues they had with the DDoS attacks they purchased. Interestingly the tickets show that the owners of vDOS declined to carry out attacks on Israeli sites to avoid drawing attention to themselves in their native land.

The duo supposedly made $618,000 according to payments records dating back to 2014 in the data dump.

“vDOS does not currently accept PayPal payments. But for several years until recently it did, and records show the proprietors of the attack service worked assiduously to launder payments for the service through a round-robin chain of PayPal accounts,” Krebs said.

The operators of the DDoS service are believed to have enlisted the help of members from the message board Hackforums in laundering the money.

Krebs warned that services like vDOS are worrisome because they make cybercrime tools available to pretty much anyone willing pay. In some cases, vDOS offered subscriptions as low as $19.99. These sorts of tools, also known as booter services, can be used ethically for testing how your site holds up against large swathes of traffic but in the wrong hands they can be abused and sold very easily.

“The scale of vDOS is certainly stunning, but not its novelty or sophistication,” Ofer Gayer of security firm Imperva said but added that this new widespread attention on DDoS service might stall them for a while.

Smart Home

Angee’s security service switches from sales to subscriptions

Angee, a successful startup that raised nearly half a million dollars for its home security hub, has pivoted its business model to offer its home security platform as a subscription rather than a smart home product.
Movies & TV

The best shows on Netflix, from 'The Haunting of Hill House’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Movies & TV

‘Orange is the New Black’ will end with season 7, Netflix says

Netflix has confirmed that its award-winning series Orange is the New Black will end its run with the upcoming season 7, bringing the show to an end with a final season premiering in 2019.

Hinge's new feature wants to know who you've gone out on dates with

With its new "We Met" feature, Hinge wants to learn how your dates are going with matches in its app. That way, it can inject the information into its algorithm to provide future recommendations that better suit its users' preferences.

Google Chrome 70 is finally getting a picture-in-picture mode

Picture-in-picture mode is finally coming to Google Chrome 70 on Mac, Linux, and Windows. The feature not only applies to YouTube but also any other website where developers have chosen to implement it.

Intel's 9th-gen chips could power your next rig. Here's what you need to know

The Intel Core i9-9900K processor was the star of the show for consumers, but a powerful 28-core Xeon processor also led announcements. Here's everything you need to know about the latest Intel chipsets.

Despite serious security flaws, D-Link will (again) not patch some routers

D-Link revealed that it won't patch six router models despite warnings raised by a security researcher. The manufacturer, for the second time in a span of about a year, cited end-of-life policies for its decision to not act.

Core i9s and Threadrippers are all powerful, but should you go AMD or Intel?

The battle for the top prosumer CPUs in the world is on. In this head to head, we pit the Core i9 versus the Threadripper to see which is the best when it comes to maximizing multi-core performance on a single chip.

Apple’s latest feature ensures MacOS apps are safer than ever

MacOS is mythically known for being more immune to viruses than Windows, but that doesn't mean there isn't room to make it safer. Apple is using an app notarization feature to protect users from downloading malicious apps.

There’s now proof that quantum computing is superior to the classical variety

For the first time in computer science history, researchers have tangibly demonstrated how a quantum computer is better than a classical computer. A quantum computer was able to solve a math problem that a classical PC cannot.

In 2018, the rivalry between AMD and Intel has become more interesting than ever

When it comes to selecting a CPU for your PC, there's no shortage of chips for you to choose from. With Ryzen, Threadripper, and Core i9 CPUs though, the AMD vs. Intel argument is muddier than ever.

Will Apple introduce a new MacBook at its Oct. 30 event? Here's everything we know

Whether it's called the MacBook Air or just the MacBook, Apple is highly rumored to introduce a new, affordable laptop in 2018. We discuss reports about upgrading displays, processors, sign-in features, and more.

Apple CEO demands Bloomberg retract its Chinese surveillance story

Apple CEO Tim Cook is calling on Bloomberg to retract a story alleging that Apple had purchased compromised servers that allowed the Chinese government to spy on Apple. Apple's investigation found no truth to the story.
Product Review

Dell’s G3 Gaming laptop knows what gamers want, and what they can live without

Compromise and budget gaming laptops go hand-in-hand, but with the G3, Dell has figured out how to balance what gamers want with what they can live without.