Late last week, one of the leading sources of cyber security news was shut down after getting hit by one of the largest DDoS attacks in history. The massive assault on KrebsOnSecurity.com came after the site’s owner, Brian Krebs, reported on the exploits and business operations of a company that offers DDoS attack-for-hire services.
A couple of weeks prior to the attack, Krebs brought to light the activities of vDOS, a company that rendered services for people who wanted to subject certain organizations to a Distributed Denial-of-Service (DDoS) attack. This type of attack is designed to cripple servers by overwhelming them with a flood of network traffic.
vDOS is believed to be behind many of the larger DDoS attacks that have been carried out in the last couple of years. The group had been operating under the radar all this time and is estimated to have amassed no less than $600,000 USD.
In Krebs’ exposé, it was revealed that vDOS was operated by two Israeli teenagers who launched their attacks mainly through servers in Bulgaria. According to Krebs’ article, vDOS not only provided DDoS services to direct customers but also provided “firepower” to other outfits that, like it, offered booter services.
Krebs managed to acquire substantial information about vDOS through a source who was investigating another booter service provider called PoodleStresser. During the investigation, that source was able to acquire configuration data from PoodleStresser’s attack servers. Some of the configuration data pointed to vDOS. The source then managed to gain access to vDOS’ servers and acquire databases and configuration files, which in turn led to more disclosures.
The two alleged owners of vDOS were eventually arrested by the FBI (although it’s not known whether the arrest was fueled by Krebs’ revelations). The duo have since been released under a bond of USD $10,000, placed under a 10-day house arrest, and prohibited from using the Internet or telecommunications equipment for 30 days.
But that wasn’t the end of it. About two weeks later, KrebsOnSecurity.com was under a DDoS attack. It wasn’t the first for Krebs by any means, but it certainly was (by a very big margin) the largest. Akamai, which provides pro bono DDoS protection to KrebsOnSecurity.com, was able to withstand the assault at first, but at about 620 Gbps, the attack traffic began to take its toll on Akamai’s resources. Continuing to defend against the sustained assault meant Akamai had to deploy millions of dollars’ worth of resources.
Eventually, Akamai had to throw in the towel and KrebsOnSecurity.com had to temporarily go offline. As of this writing, krebsonsecurity.com is back online. It’s now being secured by Project Shield, a free DDoS protection service owned by Google.
Later analysis of the attack revealed that, unlike most large-scale DDoS attacks, which relied on botnets of misconfigured DNS servers, this one seemed to originate from hacked IoT-enabled consumer electronic devices like routers, digital cameras, smart firewalls, light bulbs, thermostats, espresso machines, and many others.
These events underline how serious the booter services menace has now become, and they have taught us a few important things:
- The scale of this attack is alarming and causes everyone to re-evaluate their defences.
- Attackers have added IoT devices (of which there are billions) to their real-world arsenal.
- The criminal business model for DDoS has matured and become very lucrative.
It looks like the Internet of Things is really growing up.