The Israeli vDOS service, which customers around the world use to launch distributed denial-of-service attacks, has been breached by hackers.
vDOS Information Leaked via the Hacker Attack
The popular service vDOS has been breached by hackers, and information about its customers and details about the operation of vDOS have been leaked on the Internet. The site offers “booter” services to its clients: a simulation of a DDoS attack that is used for testing a company's network defence capabilities. The program guarantees between 10 and 50 Gbps of UDP traffic per stress test. This is a powerful output that can cause a lot of damage if used maliciously.
The leaked information shows that the service is responsible for a lot of DDoS attacks that have been launched against businesses all over the world. The service is offered in packages that are based on the length of the attack in seconds.
The vDOS hack itself was carried out by exploiting a vulnerability in the service. The hackers were able to dump the server's database and configuration files, revealing the locations of four rented servers in Bulgaria (located at Verdina.net) that are used to launch the attacks. The servers' true identity is hidden behind the Cloudflare service.
The operators of vDOS are revealed to be two young Israelis who are known in the hacker world as P1stO and AppleJ4ck. They started marketing the service in one of the most popular hacker communities using different price levels ranging from 20 to 200 US dollars per month.
The leaked records indicate that the service has received more than 618 thousand dollars in Bitcoin and PayPal payments from customers.
To better protect the identity of the owners and the server locations, all contacts and information are relayed. The servers are located in countries such as Bulgaria and use the Cloudflare service, which offers reverse proxy services and various privacy features to its customers. The owners use different aliases in the online communities where they market the vDOS service.
On their web page, the owners indicate that they provide technical support to their customers. According to the leaked data, when a message is sent through the site it is relayed to six different phone numbers that are used by the administrators. Two of those numbers are based in Israel. This covert tactic is used to offer privacy protection and conceal their identity.
Mailgun is used for email management, and the leaked data also included the secret keys that are used for its administration and configuration.