vDOS Attack Logs Leaked
Earlier this week, Brian Krebs reported on a DDoS tool called vDOS. Krebs explained how a contact of his was able to exploit a vulnerability in the vDOS website to gain access to the DDoS tool's database. The databases that were given to Krebs included information on the users, the tickets that they submitted, their payment details, and, most interestingly, the attack logs for every user. Unfortunately, the attack logs only date back to March of 2016; apparently the logs were cleared at some point. However, in just the last 6 months of operation, vDOS has been responsible for more than 170,000 DDoS attacks launched around the world.
Earlier today, I obtained the attack log and decided to prune it rather significantly. My main goal was to ensure the usernames and IP addresses of the script kiddies using this DDoS tool are forever enshrined on the internet. Additionally, I wanted to make sure that every time an account launched a DDoS attack from a unique IP, the username, IP address, and date were logged. Hopefully this will make it easier for law enforcement to reference the database and pinpoint who the IP belonged to on specific dates.
List of Usernames, IPs and Dates of Users Launching Attacks
I would have liked to host the list here, but the resource consumption could eventually be too much. You may view the pruned list here: http://pastebin.com/Rg1xT68V
A new entry is created for each username any time their IP address changed or any time they launched an attack on a new date. Again, hopefully this data can be used by law enforcement to research IP addresses from specific dates and match them with individuals.
Arrests of Itay Huri and Yarden Bidani
Early on Friday, subsequent raids in Israel netted the arrests of Itay Huri, also known as P1st and M30w, and Yarden Bidani, otherwise known as Applej4ck. Both were arrested and later released on bond. Both are required to remain on house arrest, may not touch any telecommunication devices, and had their electronics seized. This post will be updated with more information on the arrests as details become clearer.
As promised, the original attack log as compiled by Brian Krebs can be found here: https://www.cloudflare.com/media/krebs/attacks.txt.zip