DDoS-for-hire service works with blessing of FBI, operator says

[nsane.forums]

"My service is a legal testing service," Ragebooter.net boss insists.

A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI.

Ragebooter.net is one of several sites that openly accepts requests to flood sites with huge amounts of junk traffic, KrebsonSecurity reporter Brian Krebs said in a recent profile of the service. The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the IP address of lookup requests and bounce them off open domain name system servers. This can generate data floods directed at a target that are 50 times bigger than the original request.

Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. The reporter eventually got an interview and found Poland was unapologetic.

"Since it is a public service on a public connection to other public servers this is not illegal," Poland was quoted as saying. He continued:

"Nor is spoofing the sender address [illegal]. If the root user of the server does not want that used they can simple disable recursive DNS. My service is a legal testing service. How individuals use it is at there [sic] own risk and responsibilitys [sic]. I do not advertise this service anywhere nor do I entice or encourage illegal usage of the product. How the user uses it is at their own risk. I provide logs to any legal law enforcement and keep logs for up to seven days."

Poland went on to say:

"I also work for the FBI on Tuesdays at 1 PM in Memphis. They allow me to continue this business and have full access. The FBI also use the site so that they can moniter [sic] the activitys [sic] of online users.. They even added a nice IP logger that logs the users' IP when they login."

An FBI spokesman would neither confirm nor deny the claim, but Krebs said security researchers have found the site bizarrely includes the ragebooter.net user name in the flood of data directed at the target websites. Even more intriguing, someone hacked the site in March and leaked the users table, spilling the usernames of e-mail addresses of people who used the service. The list could contain a fair amount of data, since Ragebooter.net appears to average more than 400 attacks per day.

View: Original Article