In the fight against DDoS-for-hire services, otherwise known as booters or stressers, it pays to follow the money.
That’s according to KrebsOnSecurity, which, citing a new academic report, described how academic researchers and PayPal teamed up to identify and shut down the accounts of vDOS and other booter services that used PayPal to process payments from customers. The researchers found that their interventions, carried out with PayPal’s help, cut vDOS’ cyber crime profits in half and helped lower the number of attacks coming from it by 40 percent or even more.
In the middle of 2015, when vDOS was at the height of its profitability, the DDoS-for-hire service was making more than $42,000 a month in PayPal and bitcoin payments from what the report says are thousands of subscribers. The researchers, who according to the report were from New York University, posed as buyers of close to 12 booter services, including vDOS, to identify the PayPal accounts the services were using to accept payments. PayPal then seized the accounts and balances.
“We find that vDOS’ revenue was increasing and peaked at over $42,000 a month for the month before the start of PayPal’s payment intervention and then started declining to just over $20,000 a month for the last full month of revenue,” the academics said in the research report. Customers of vDOS would pay upfront for a subscription to the service, which was sold in booter packages priced from $5 to $300. The prices were based partly on the overall number of seconds that a cyber attack may last. In just two of the four years vDOS was around, it was responsible for launching 915,000 DDoS attacks.
“As vDOS’ revenue and active subscriber base dwindled, so did the amount of harmful DDoS attacks launched by vDOS,” the NYU researchers wrote. “The peak attack time we found was slightly under 100,000 attacks and five attack years per month when vDOS’ revenue was slightly over $30,000 a month. This decreased to slightly under 60,000 attacks and three attack years during the last month for which we have attack data. Unfortunately, we have incomplete attack data and likely missed the peak of vDOS’ attack volume. However, the payment intervention correlates to a 40 percent decrease in attack volume, which equates to 40,000 fewer attacks and two fewer attack years per month.”