Two Israeli Teens Face FBI Justice For vDOS Global DDoS Operation

Two 18-year-olds from Israel find themselves in hot water with the United States Federal Bureau of Investigation (FBI) for their alleged roles in running a lucrative attack service called vDOS. They're said to have earned over $600,000 in the past two years by helping customers coordinate over 150,000 Distributed Denial of Service (DDoS) attacks.

Israeli authorities arrested the two teenagers, Itay Huri and Yarden Bidani, on Thursday as part of an investigation by the FBI. They were questioned and released the next day for what amounts to around $10,000 bond each. Authorities also seized their passports and placed them on house arrest—they've been ordered not to use the Internet or any kind of telecommunications device for 30 days, according to KrebsOnSecurity, Kaspersky's security blog.


The identity of the two young men came to light because vDOS itself was hacked, revealing information about tens of thousands of paying customers and their targets. KrebsOnSecurity obtained a copy of the database and posted their identities around the same time the FBI came crashing down on their ongoing hacking 0arty. KrebsOnSecurity has been the target of a DDoS attack ever since, though the security blog says its receives DDoS protection from Prolexic/Akamai.

As for Huri and Bidani, they didn't do a good job of hiding their identities or illegal behavior. Yarden kept a Facebook page with a bunch of messages from friends who referred to him as "AppleJ4ck," his hacker nickname, and had open discussions on DDoS attacks. In addition, the customer support system for vDOS was setup to send a text message to Huri's phone number in Israel, the same number he listed in registration records for a domain that was used to help manage the hacking site.

The pair also recently wrote a technical paper on DDoS attack strategies. Huri used his real name, while Bidani used an email address that was linked to one of the admins for vDOS. Given the number of tracks they collectively left, it's a little surprising it took four years to catch them (it's believed vDOS has been in operation since September 2012).
Tags:  security, Hacking, DDoS, vdos