The co-owners of vDOS, a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service (DDoS) attacks that knocked countless Internet users and websites offline, each have been sentenced to six months of community service by an Israeli court.
A judge in Israel handed down the sentences plus fines and probation against
Yarden Bidani and
Itay Huri, both Israeli citizens arrested in 2016 at age 18 in connection with an FBI investigation into vDOS.
Until it was shuttered in 2016, vDOS was by far the most reliable and powerful DDoS-for-hire or “booter” service on the market, allowing even completely unskilled Internet users to launch crippling assaults capable of knocking most websites offline.
vDOS advertised the ability to launch attacks at up to 50 gigabits of data per second (Gbps) — well more than enough to take out any site that isn’t fortified with expensive anti-DDoS protection services.
The Hebrew-language
https://www.gov.il/BlobFolder/dynami...6419-08-17.pdf (PDF) has redacted the names of the defendants, but there are more than enough clues in the document to ascertain the identities of the accused. For example, it says the two men earned a little more than $600,000 running vDOS, a fact first reported by this site in September 2016 just prior to their arrest, when
https://krebsonsecurity.com/2016/09/...-in-two-years/ and KrebsOnSecurity obtained a copy of its user database.
In addition, the document says the defendants were initially apprehended on September 8, 2016, arrests which were
https://krebsonsecurity.com/2016/09/...ted-in-israel/.
Also, the sentencing mentions the supporting role of a U.S. resident named only as “Jesse.” This likely refers to 23-year-old
Jesse Wu, who KrebsOnSecurity
https://krebsonsecurity.com/2016/10/...ling-the-cure/ pseudonymously registered the U.K. shell company used by vDOS, and ran a tiny domain name registrar called
NameCentral that vDOS and
https://krebsonsecurity.com/wp-conte...raldomains.pdf.
Israeli prosecutors say Wu also
https://krebsonsecurity.com/2017/06/...-hire-service/, and received 15 percent of vDOS’s total revenue for his trouble. NameCentral no longer appears to be in business, and Wu could not be reached for comment.
Although it is clear Bidani and Huri are defendants in this case, it is less clear which is referenced as Defendant #1 or Defendant #2. Both were convicted of “corrupting/disturbing a computer or computer material,” charges that the judge said had little precedent in Israeli courts, noting that “cases of this kind have not been discussed in court so far.” Defendant #1 also was convicted of sharing nude pictures of a 14 year old girl.
vDOS also sold API access to their backend attack infrastructure to other booter services to further monetize their excess firepower, including Vstress, Ustress, and
http://b
Yarden Bidani. Image: Facebook.
Both defendants received the lowest possible sentence (the maximum was two years in prison) — six months of community service under the watch of the Israeli prison service — mainly because the accused were minors during the bulk of their offenses. The judge also imposed small fines on each, noting that more than $175,000 dollars worth of profits had already been seized from their booter business.
The judge observed that while Defendant #2 had shown remorse for his crimes and an understanding of how his actions affected others — even sobbing throughout one court proceeding — Defendant #1 failed to participate in the therapy sessions previously ordered by the court, and that he has “a clear and daunting boundary for recurrence of further offenses in the future.”
Boaz Dolev, CEO of
https://www.clearskysec.com/, said he’s disappointed in the lightness of the sentences given how much damage the young men caused.
“I think that such an operation that caused big damage to so many companies should have been dealt differently by the Israeli justice system,” Dolev said. “The fact that they were under 18 when committing their crimes saved them from much harder sentences.”
While DDoS attacks typically target a single website or Internet host, they often result in widespread collateral Internet disruption. Less than two weeks after the 2016 arrest of Bidani and Huri, KrebsOnSecurity.com
https://krebsonsecurity.com/2016/09/...of-censorship/ as a result of a
https://krebsonsecurity.com/2016/09/...h-record-ddos/ that was
https://krebsonsecurity.com/2017/01/...i-worm-author/ for my reporting on vDOS. That attack caused stability issues for other companies using the same DDoS protection firm my site enjoyed at the time, so much so that the provider
https://krebsonsecurity.com/2016/09/...of-censorship/ with them shortly thereafter.
To say that vDOS was responsible for a majority of the DDoS attacks clogging up the Internet between 2012 and 2016 would be an understatement. The various subscription packages for the service were sold based in part on how many seconds the denial-of-service attack would last. And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic.
It seems likely vDOS was responsible for several decades worth of DDoS years, but it’s impossible to say for sure because vDOS’s owners routinely wiped attack data from their servers.
Prosecutors in the United States and United Kingdom have in recent years sought tough sentences for those convicted of running booter services. While a number of current charges against alleged offenders have not yet been fully adjudicated, only a handful of defendants in these cases have seen real jail time.
The two men
https://krebsonsecurity.com/2017/01/...i-worm-author/for creating and
https://krebsonsecurity.com/?s=mirai&x=0&y=0(the same duo responsible for building the massive crime machine that knocked my site offline in 2016) each
https://krebsonsecurity.com/2018/10/...tgers-attacks/ thanks to their considerable cooperation with the FBI.
Likewise, Pennsylvania resident
David Bukoski recently
https://krebsonsecurity.com/2020/02/...con-pizza-buy/ and six months of “community confinement” after pleading guilty to running the
Quantum Stresser booter service.
https://krebsonsecurity.com/?s=lizard+squad&x=0&y=0member and PoodleStresser operator
Zachary Buchta was
https://www.chicagotribune.com/news/...327-story.htmlto three months in prison and ordered to pay $350,000 in restitution for his role in running various booter services.
On the other end of the spectrum, last November 21-year-old Illinois resident
Sergiy Usatyuk was
https://krebsonsecurity.com/2019/11/...ths-jail-time/ for running multiple booter services that launched millions of attacks over several years. And a 20-year-old U.K. resident in 2017 got
https://krebsonsecurity.com/2017/04/...-hire-service/ for operating the
Titanium Stresser service.
For their part, authorities in the U.K. have sought to discourage would-be customers of these booter services
https://krebsonsecurity.com/2020/05/...er-cybercrime/. The goal is to steer customers away from committing further offenses that could land them in jail, and toward more productive uses of their skills and/or curiosity about cybersecurity.
05-02-2025, 12:43 PM
Linear Mode
