Cyber battle rages on Internet after arrest of cyber crime suspects
Are these revenge attacks after two alleged kingpins are put on house arrest?
You’re at the helm of the ship, taking blast after blast.
It’s not lasers or torpedoes, but DDoS attacks—where the invaders are launching so much data at your web site or server that they can cripple you or even shut you down.
That’s what Bryant Townsend is facing. He is founder and CEO of cybersecurity company BackConnect, and now may be on the front lines of an intense battle over your digital world.
“We have been the target of multiple DDoS attacks throughout the evening and late night,” Townsend said.
Why? Now working on little sleep, Townsend said the barrage may be retaliation after his company’s work helped bring down part of the empire of two teenage hackers who allegedly ran an online attack service for criminals around the world.
Young, skilled, motivated—the two eighteen-year-olds arrested in Israel last week also appear to be the “principle owners and masterminds” of this attack service, called vDOS, according to KrebsOnSecurity.
vDOS earned its owners more than $600,000, launching at least 150,000 DDoS—distributed denial of service—strikes over the last two years, KrebsOnSecurity reported.
Page from vDOS site, according to KrebsOnSecurity.
You may have even felt the impact of their constant digital assaults, with a site temporarily unavailable, or an interruption in your online game.
“To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement,” wrote Brian Krebs of KrebsOnSecurity.
“The various subscription packages to the service are sold based in part on how many seconds the denial-of-service attack will last,” he said. “And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic.”
Twitter account associated with vdos-s.com.
The final siege?
Few could stop the vDOS assaults, it seemed. Until September 6, two days before the arrest.
BackConnect’s mission is to protect its customers from DDoS and other digital assaults.
“One of our clients and our website received a large and relatively sophisticated DDoS attack,” Townsend told Archer News.
BackConnect automatically detected and mostly filtered the attack, he said, but they noticed a small leak in their filters.
“In response, we quickly applied new security rules that rendered the attack entirely ineffective,” he said.
Problem solved? No.
The attackers responded, too, by harassing BackConnect with calls from spoofed numbers, according to Townsend.
“Throughout the day and late into the night, these calls and threats continued to increase in number,” he said. “Throughout these calls, we noticed an increasing trend of these attackers bringing of personal information about myself and employees.”
He said he filed a police report. The attackers continued, with increasing signs that they might actually carry out some of their threats.
“This was the point where I decided we needed to go on the offensive to protect our employees, their families and myself,” Townsend said.
BackConnect launched its own assault—a hijack of the vDOS site. They used an attack called BGP [border gateway protocol] hijacking to re-direct the site’s traffic somewhere else.
“Our actions proved to be extremely effective, as all forms of harassment and threats from the attackers immediately stopped,” Townsend said.
The company also collected information about the people behind vDOS. Soon, the two teens were under arrest.
“This is a major victory in the fight against booter services, as vDOS was the largest public DDoS-for-hire service on the market,” he said.
A booter service offers DDoS attacks for a fee—often very low—so that criminals with little technical skills or knowledge can lay siege on sites and servers.
But the battle is not over yet.
The day after the arrests, KrebsOnSecurity reported it came under a “heavy and sustained denial-of-service attack,” shutting down the site for a short time.
Inserted in the attack data was a message—“godiefaggot,” Krebs said. And the attacks continue.
BackConnect, too, is fending off DDoS strikes, with CTO Marshal Webb leading the response.
“We hope to uncover more information on the attacks as we look through our reporting,” Townsend said.
vDOS’s website is shut down.
Some are monitoring to see what else will happen in the aftermath of the arrests. Could they mean fewer attacks on your digital space?
“The vDOS guys were potentially a major force on the security landscape,” said Dan Shugrue of Akamai Technologies. “We are watching closely to see if there is an overall reduction DDoS attack activity, because it is possible that they were responsible for hundreds if not thousands of DDoS attacks in the past year.”
“If the owners of vDOS were in fact arrested, we can expect to see these attack servers go off line in the following on to two months when the companies hosting them turn off the services due to non-payment,” said Townsend.
“The arrest of the owners of vDOS could very well cause the number and size of DDoS attacks to decrease in the following months,” he added.
vDOS provided a service, but who were their customers?
Townsend said BackConnect is looking over the data to help identify and report the criminals who paid for malicious attacks.
“We expect anyone that used vDOS services in the last four months to go into hiding in fear of also being caught by authorities,” he said.
This will probably not mean the end of these kinds of services, however.
“Any market hates a vacuum, so if there is a reduction, we expect it to be short-lived—someone will step in to fill the void,” said Shugrue.
Still, he sees value in tech and law enforcement working to combat DDoS attack and services.
“Even if someone does come in and take their place after a while, at least one bad actor and their attack infrastructure is out of play for a while, and others who were thinking of getting into the game may not,” Shugrue said to Archer News. “Web businesses and web users benefit.”
“There is no easy answer, of course, but working to stop DDoS and web attacks certainly better than doing nothing,” he added.
BackConnect’s defensive hijacking brought up questions.
“Although we stand by our actions and feel that we made the best decision considering the circumstances, we do not plan to perform any defensive hijackings in the future,” Townsend said.
The company has received support for their use of the tactic in this case, he said.
“We do not want BGP hijacking for defensive purposes to become the norm, as others could use this as a front to cover malicious activities,” he explained. “Even if defensive BGP hijacking is used in good faith, without proper information, the party enacting it could unknowingly cause collateral damage to innocent parties.”