Criminals who earned more than 60 million yen by operating the DDoS attack contract service are ordered to 'six months of social service activities'



For

DDoS attacks that use a large number of machines to overload the website to stop it, some criminal groups operate a 'DDoS attack contract service' and receive a reward from the client It has been pointed out that they are acting on their behalf. VDOS operators who have launched a large number of DDoS attacks around the world from 2012 to 2016 have been sentenced to '6 months of social service' by the cyber security blog Krebs on Security reported.

16419-08-17.pdf
(PDF file) https://www.gov.il/BlobFolder/dynamiccollectorresultitem/decision16419-08-17/he/16419-08-17.pdf

Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service — Krebs on Security
https://krebsonsecurity.com/2020/06/owners-of-ddos-for-hire-service-vdos-get-6-months-community-service/



Until it was shut down in 2016, vDOS is known as the most trusted DDoS attack contracting service on the market, and even users who are not familiar with the Internet can ask vDOS to bring most websites to a halt. I was able to do it. Publicly offering 'DDoS attack stress test', vDOS appealed that it can attack up to 50GBps, which brings down websites that are not protected by expensive DDoS attack defense services Was enough ability to

On September 8, 2016 , Krebs on Security posted a special article on vDOS, which most users actually used as a DDoS attack contracting service, not for stress testing purposes. It revealed that the operator of vDOS was two young people living in Israel, and that he earned more than 600,000 dollars (about 66 million yen) since July 2014 alone. 'It's no exaggeration to say that the vast majority of DDoS attacks on the Internet between 2012 and 2016 were due to vDOS,' said Krebs on Security.

On the same day Krebs on Security published the article, two Israeli residents Yarden Bidani and Itay Huri were arrested for running vDOS. It was a big topic because it turned out that the two were 18 years old at the time of arrest and were only 14 years old when the service started in 2012. A few days later, a DDoS attack on Krebs on Security was described by companies providing protection services against DDoS attacks as 'one of the largest attacks the Internet has ever experienced'. However, this seems to be a retaliation for the arrest of the vDOS operator.



According to a sentence issued by an Israeli court in 2020, the two men were found guilty of 'corruption or obstruction of computer or data', but the sentence was both '6 months of social service activities'. It was very light. The case for the DDoS attack seems to have had few precedents in Israel, and the judge said of the ruling, 'this kind of case has not been discussed in court so far.' In addition, two people have been fined, and it seems that an amount equivalent to 175,000 dollars (about 19 million yen) has already been collected from the revenue obtained from vDOS operation.

Boaz Dolev, CEO of cybersecurity firm, said the sentence was too light and disappointing given the scale of the damage they caused. Delov pointed out that the vDOS attack had done so much damage to so many companies that Israel's justice system should have been given more severe penalties. 'The fact that they were under the age of 18 at the time of the crime saved them from more severe penalties,' Delov said.

It seems that a small percentage of criminals are sentenced to prison in connection with DDoS attack contracting services, and the creators of the Mirai botnet are exempt from prison in exchange for their cooperation with the FBI. However, in recent years, the US and British prosecutors have also demanded more severe penalties for criminals arrested for DDoS attack contracting services. For example, a 21-year-old man living in the state of Illinois has been sentenced to 13 months in prison for operating multiple DDoS attack contract services, and a 20-year-old British man who operated DDoS attack contract service Titanium Stresser. Is also sentenced to two years in prison.

British authorities are trying to prevent new incidents, such as purchasing online inventory and notifying users that it is a crime to attack another person's website using a DDoS attack contract service I will. Officials say the goal is to keep users away from these potentially imprisoned crimes and to make their cybersecurity skills and curiosity more productive.



in Web Service,   Security, Posted by log1h_ik