DDoS-for-hire service works with blessing of FBI, operator says

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/

By Dan Goodin
Ars Technica
May 19 2013

A website that accepts payment in exchange for knocking other sites 
offline is perfectly legal, the proprietor of the DDoS-for-hire service 
says. Oh, it also contains a backdoor that's actively monitored by the 
FBI.

Ragebooter.net is one of several sites that openly accepts requests to 
flood sites with huge amounts of junk traffic, KrebsonSecurity reporter 
Brian Krebs said in a recent profile of the service. The site, which 
accepts payment by PayPal, uses so-called DNS reflection attacks to 
amplify the torrents of junk traffic. The technique requires the 
attacker to spoof the IP address of lookup requests and bounce them off 
open domain name system servers. This can generate data floods directed 
at a target that are 50 times bigger than the original request.

Krebs did some sleuthing and discovered the site was operated by Justin 
Poland of Memphis, Tennessee. The reporter eventually got an interview 
and found Poland was unapologetic.

"Since it is a public service on a public connection to other public 
servers this is not illegal," Poland was quoted as saying. He continued:

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org