A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI.
Ragebooter.net is one of several sites that openly accepts requests to flood sites with huge amounts of junk traffic, KrebsonSecurity reporter Brian Krebs said in a recent profile of the service. The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the IP address of lookup requests and bounce them off open domain name system servers. This can generate data floods directed at a target that are 50 times bigger than the original request.
Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. The reporter eventually got an interview and found Poland was unapologetic.
Read 3 remaining paragraphs | Comments