Ragebooter: DDoS attacks sponsored by the FBI? – TotalDefense Blog

TotalDefense reports on Ragebooter, a site that allows users to pay to have sites removed from the network via a DDoS attack using the DNS Reflection method. Visit http://blogs.totaldefense.com/securityblog.aspx for cloud-based endpoint security solutions for home and businesses.

Copyright © 2013 TotalDefense, Inc. | All rights reserved www.totaldefense.com Page 1

Ragebooter: DDoS attacks sponsored by the FBI?

Malicious sites that offer attack services are no strangers to the Internet, but web sites sponsored by law enforcement are another story altogether. Introducing: Ragebooter.

A site called Ragebooter.net allows users to pay to have sites removed from the network using a DDoS attack. Unlike other existing sites that offer similar services, Ragebooter has a particularly interesting back door leading directly to the FBI.

Recently, more and more questionable sites have begun to appear that offer a service called DDoS-for-hire. That is, for a certain fee, users can select a site they do not like and remove it from the network, even if only for a short time. The service offered by Ragebooter is a DNS Reflection Attack: an attack that floods the sites with huge quantities of information until they completely collapse.

Investigation shows the site operator is a guy named Justin Folland, located in Memphis, Tennessee. The service seems legit, since it is a public service that uses public connections to reach other public servers and uses information that is available to anyone who wants it, ostensibly for testing website servers, which is not contrary to the law.

Folland does not advertise the site or the service offered, and of course does not encourage illegal activity. How individual users choose to use the information is at their own risk, and if sites do not want the information in question used against them, all they have to do is turn on the option to disable recursive DNS on their servers.
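As an added example (not part of the original TotalDefense post), this Python code checks whether a DNS server you operate offers recursion to an outside client, which is the condition the "disable recursive DNS" setting removes. The function names, the `example.com` query name and the two sample responses are assumptions constructed for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flag bits (RFC 1035)
REFUSED = 5                           # RCODE sent when the query is not permitted

def build_query(name, txid=0x1234, qtype=1):
    """DNS query for `name` (qtype 1 = A) with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def classify(query, response):
    """Decide from the response header whether recursion was offered to this client."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "malformed"
    if (flags & 0x000F) == REFUSED or not flags & RA:
        return "recursion-refused"
    # RA is set: the server is willing to recurse on behalf of this client.
    return "open-recursion" if ancount else "recursion-available"

def probe(server, name, timeout=3.0):
    """Send one query to a server you operate, from an address outside its network."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            response, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-answer"
    return classify(query, response)

# Constructed sample responses (not captured traffic); 192.0.2.1 is a documentation address.
SAMPLE_QUERY = build_query("example.com")
ANSWER_RR = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!6H", 0x1234, QR | RD | RA, 1, 1, 0, 0) + SAMPLE_QUERY[12:] + ANSWER_RR
SAMPLE_HARDENED = struct.pack("!6H", 0x1234, QR | RD | REFUSED, 1, 0, 0, 0) + SAMPLE_QUERY[12:]

if __name__ == "__main__":
    print(classify(SAMPLE_QUERY, SAMPLE_OPEN))
    print(classify(SAMPLE_QUERY, SAMPLE_HARDENED))
```

A server that should only answer for its own zones is expected to return `recursion-refused` when queried for a name it is not authoritative for.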

The most interesting piece of information is the back door leading directly to the FBI. It seems that the Federal Bureau of Investigation uses the site to monitor the activity of users on the network, and that it added an IP logger to the site that keeps the IP addresses of all users coming to the site. Bottom line: it is not clear whether this is a guy who works with the Bureau or a hacker with megalomania who has not yet been removed from the network, but what is certain is that the service is alive and kicking.

About TotalDefense:

Total Defense (@Total_Defense) is a global leader in malware detection and anti-crimeware solutions. We offer a broad portfolio of leading security products for the consumer market used by over four million consumers worldwide. Our solutions also include the industry’s first complete cloud security platform, providing fully integrated endpoint, web and email security through a single Web-based management console with a single set of enforceable security policies.

Total Defense is a former business of CA Technologies, one of the largest software companies in the world, and has operations in New York, California, Europe, Israel and Asia.

Visit http://www.totaldefense.com/ for web, cloud & mobile security solutions for home users and businesses.