DDoS Protection Company Launched DDoS Attacks Itself, Founder Admits

By 2016, vDos became the most popular service in the world for ordering DDoS attacks

If you believe conspiracy theories, antivirus companies distribute viruses themselves, and DDoS protection services initiate the attacks themselves. Of course, this is fiction... or is it?

On January 16, 2020, the Federal District Court of New Jersey found Tucker Preston, 22, of Macon, Georgia, guilty on one count of damaging protected computers by transmitting a program, code or command. Preston is the co-founder of BackConnect Security LLC, which offered protection against DDoS attacks. The young businessman could not resist the temptation to take revenge on uncooperative clients.

The sad story of Tucker Preston began in 2014, when the teenage hacker, together with his friend Marshal Webb, founded BackConnect Security LLC, which was later spun off from BackConnect, Inc. In September 2016 the company came to light during the operation to shut down the vDos service, at that time considered the most popular service in the world for ordering DDoS attacks. BackConnect was then allegedly attacked through vDos itself, and responded with an unusual “counterattack”: it seized 255 of the attacker's IP addresses by BGP hijacking. Carrying out such an attack to protect one's own interests caused controversy in the information security community; many felt that BackConnect had gone overboard.

A simple BGP hijack is carried out by announcing someone else's prefix as your own. Uplinks and peers accept the announcement, and it spreads across the Internet. For example, in 2017, allegedly because of a software failure, Rostelecom (AS12389) started announcing prefixes belonging to Mastercard (AS26380), Visa and several other financial institutions. BackConnect acted in much the same way when it expropriated IP addresses from the Bulgarian hosting provider Verdina.net.

BackConnect CEO Bryant Townsend explained himself on the NANOG mailing list for network operators. He said that the decision to attack the adversary's address space was not taken lightly, but that they were ready to answer for their actions: “Although we had the opportunity to hide our actions, we felt that it would be wrong. I spent a lot of time thinking about this decision and how it might reflect negatively on the company and me in the eyes of some people, but ultimately I supported it.”

As it turned out, this was not the first time BackConnect had used BGP hijacking, and the company has a murky history in general. It should be noted, though, that BGP hijacking is not always used for malicious purposes. Brian Krebs writes that he himself uses the services of Prolexic Communications (now part of Akamai Technologies) for DDoS protection, and it was Prolexic that worked out how to use BGP hijacking to defend against DDoS attacks.

If a DDoS attack victim turns to Prolexic for help, Prolexic takes over the announcement of the client's IP addresses, which lets it analyze and filter the incoming traffic.

Since BackConnect provided DDoS protection services, an analysis was carried out to determine which of its BGP hijacks could be considered legitimate, done in the interests of its clients, and which looked suspicious. The analysis takes into account how long someone else's addresses were held, how widely the foreign prefix was advertised as the company's own, whether there is a confirmed agreement with the client, and so on. The table shows that some of BackConnect's actions look very suspicious.
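The three criteria used in that analysis (duration, how widely the prefix spread, and whether a client agreement exists) can be turned into a small audit over announcement records. The following is an added example, not code from the article or from any company named in it; the Announcement fields, the AS numbers (taken from the documentation range), the thresholds and the sample data are all constructed assumptions:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed record of one prefix announcement as seen by a route collector
# (the kind of view a BGP-monitoring service gives a defender).
@dataclass
class Announcement:
    prefix: str
    origin_as: int      # AS that originated the announcement
    owner_as: int       # AS registered as the prefix holder (IRR/WHOIS; constructed)
    start: datetime
    end: datetime
    peers_seen: int     # collector peers that accepted the route: how widely it spread
    agreement: bool     # confirmed mitigation agreement with the prefix owner on file?

def classify(a, mitigation_as, max_hours=48, max_peers=10):
    """Apply the article's three criteria to one announcement.

    Returns (label, reasons). The thresholds are illustrative assumptions."""
    if a.origin_as == a.owner_as:
        return "own-prefix", []
    if a.origin_as != mitigation_as:
        return "other-origin", []      # someone else's announcement, not audited here
    reasons = []
    if not a.agreement:
        reasons.append("no confirmed agreement with prefix owner")
    held = a.end - a.start
    if held > timedelta(hours=max_hours):
        reasons.append(f"held for {held.days} days, longer than {max_hours}h")
    if a.peers_seen > max_peers:
        reasons.append(f"propagated to {a.peers_seen} peers, more than {max_peers}")
    return ("suspicious", reasons) if reasons else ("mitigation", [])

def audit(announcements, mitigation_as):
    """Map each prefix to the classification of the provider's own announcements."""
    return {a.prefix: classify(a, mitigation_as) for a in announcements}

# Constructed sample: AS64500 plays the DDoS-mitigation provider.
T0 = datetime(2016, 9, 1, 12, 0)
SAMPLE = [
    # Short, narrow, agreed: consistent with scrubbing a customer's traffic.
    Announcement("203.0.113.0/24", 64500, 64501, T0, T0 + timedelta(hours=6), 4, True),
    # Multi-day, wide, no agreement: the pattern the article calls suspicious.
    Announcement("198.51.100.0/24", 64500, 64502, T0, T0 + timedelta(days=3), 40, False),
    # The provider's own address space.
    Announcement("192.0.2.0/24", 64500, 64500, T0, T0 + timedelta(days=30), 40, False),
]

if __name__ == "__main__":
    for prefix, (label, reasons) in audit(SAMPLE, 64500).items():
        print(prefix, label, "; ".join(reasons))
```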


Apparently, some of the victims sued BackConnect. In Preston's plea (pdf) the name of the company that the court recognized as the victim is not given; the document refers to it as Victim 1.

As mentioned above, the investigation into BackConnect's activities began after the vDos service was hacked. It was then that the names of the service's administrators became known, as did the vDos database, including its registered users and the records of clients who paid vDos to carry out DDoS attacks.

These records showed that one of the accounts on the vDos website was registered to email addresses associated with a domain registered in the name of Tucker Preston. This account initiated attacks against a large number of targets, including numerous attacks on networks owned by the Free Software Foundation (FSF).

In 2016, a former FSF sysadmin said the nonprofit had at one point considered partnering with BackConnect, and that the attacks began almost immediately after the FSF said it would look for another firm to provide DDoS protection.

According to a statement by the U.S. Department of Justice, on this count Tucker Preston faces up to 10 years in prison and a fine of up to $250,000, or twice the gross gain or loss from the crime. The verdict will be pronounced on May 7.


Source: habr.com
