German police raid DDoS-friendly host FlyHosting
Comments
ElemenoPicuares
wodenokoto
When I was a kid you could buy these monthly warez CDs full of games and professional software.
The gang producing them got so overwhelmed with burning CDs in their basement, that they went to a factory in Germany.
Police looked at the serial number on the CD, went to the factory and asked who the customer was and that's how they got busted.
Semaphor
When I was a kid, I distributed warcraft 3 beta cracks from our ISP webspace (20 MB, unlimited traffic, fast speeds made my mirror one of the most favored), Blizzard didn't even need the police and just made our ISP call my dad at work to stop it ;)
groestl
Most criminals who are caught are not criminal masterminds. The opposite, actually, otherwise they'd probably not be caught, since their opponents aren't of the Sherlock Holmes kind either. Especially in the cyber crime field, where barrier to entry is pretty low. Source: been acting on both sides, for research.
hnbad
It's literally the WW2 airplane hit patterns image. Criminals who get caught are the ones making the kinds of mistakes that make it easier to catch them.
Organized crime also does a lot of "dumb" stuff but they do it at scale and make it harder to trace back the individual incident to the organization's core. They also heavily rely on disposable accomplices, which is why you still see these "make money doing nothing from home, just let us use your bank account" scams.
groestl
Exactly. Also, opsec does not need to be bulletproof if your operation is government sponsored or at least government tolerated. There are whole companies doing downright illegal stuff in the open, enjoying sweetheart treatment by officials. OTOH, a Russian hacker, for example, would know better than to steal from their own countrymen. So they operate in other jurisdictions.
You would be mistaken btw to think this only applies to non-western parts of the world. The spectrum is a wide one, from completely covert operations, over organized crime, to companies and even the government itself. The ones who are caught are usually not the smart ones. Of course, the Dunning Kruger effect is also strong here, so most of them think they're too smart to be caught.
AniseAbyss
[dead]
tbrownaw
Isn't almost any online payment method trivially trackable?
Bitcoin (and most other cryptocoins) needs a bit of effort to grovel the public transaction history, and XMR does things that supposedly make that not really work at all, but other than that...
ajsnigrutin
Considering it's criminals we're talking about here, they can easily use some ransomware attack on a few people and then use those bitcoins to pay for whatever they need, and no one can identify them through bitcoin "traffic".
bayesian_horse
You can at least make some people believe bitcoin isn't traceable at all, and it can be quite hard or even impossible to trace if you do it right.
fiso64
>XMR does things that supposedly make that not really work at all
Any source? Can't find anything.
luckylion
https://www.getmonero.org/resources/moneropedia/ringsignatur...
I'm not qualified to say whether that actually achieves that goal though
th18row
[flagged]
kortilla
But how do you find the prostitute?
th18row
Look for them on an escort site, or, depending on the city you're in, you'll know how to find them. Just make sure they don't have an Adam's apple bro
mike_hock
Asking for a friend?
CameronNemo
We've had high schoolers DDoS their schools to avoid standardized testing. It is also a common way to interfere with esports. So yeah, the customers are often quite young.
MikeDelta
I cannot find the reference but I remember reading, not too long ago, that even the professional ransomware gangs can be extremely lazy with their own security. Apparently even some well-known players (not script kiddies) could be identified because they used their personal email address or something similar.
gpm
What identity verification does paypal actually do? I'd assume (potentially incorrectly) that criminals using it were doing so under an assumed (or stolen) identity so the account wouldn't lead back to them.
Which would limit what you could do with the money, but isn't that true of any crime related money?
dogma1138
PayPal has a banking license; it does a pretty full KYC in most places or relies on others that do.
Outside of cash transfer services, which often also require an ID on both ends (albeit that is often easier to fake), there aren’t ways to transfer money anonymously.
So companies use either alternative settlement methods such as crypto or gift cards or, what is also quite common, twin settlement.
You want a VPC? We’ll give you one for free, just buy a 3-month VPN service from our sister company.
Basically the idea here is to split the records across as many platforms as possible and have as much separation as possible from payments and actual usage.
zinekeller
Before hordes of people respond with "PayPal is not a bank!", it is indeed not a bank in US, but its European subsidiary is legally a bank.
dogma1138
In the US it doesn’t have a license anymore, mainly to avoid FDIC requirements, but it is licensed in every state: https://www.paypal.com/us/webapps/mpp/licenses
bayesian_horse
As far as I remember you need a credit card or banking account. Ok, you might have stolen those, but many people probably used their own.
wolongong942
For over 10 years they did nothing to people who bought these kinds of things with PayPal; police going after booter users is a fairly recent thing that started in the UK.
joshxyz
Y'know, customers usually get away.
What's funnier is those who run these booter sites then ACCEPT payment with PayPal. Dios mio.
ipaddr
In fairness, paying for a DDoS attack sounds like a dumb thing with little upside.
beauHD
> FlyHosting, a dark web offering
And then:
> An ad for FlyHosting posted by the user “bnt” on the now-defunct cybercrime forum BreachForums
So we have a dark web 'offering' advertising on a clearnet forum. This is a conflict of interests IMHO. You're either fully operating on the darkweb or you're not. Clearnet e-crime sites are famously de-anonymized. It just takes a payment from PayPal registered in your legal name to buy hosting services, and boom: you've been decloaked by the authorities.
KomoD
They weren't "darkweb" at all, they were clearnet, they were basically just like any other hosting provider, they had normal non-criminal customers, and criminal ones too.
earth-adventure
In that case you really weren't trying to be anonymous
greyface-
Looks like RIPE is revoking their ASN:
$ whois -h whois.ripe.net AS202437
[...]
aut-num: AS202437
as-name: FLYHOSTING
remarks: -------------------------------------------------------------
remarks: This internet resource will be deregistered by 9 June 2023.
remarks: -------------------------------------------------------------
[...]
last-modified: 2023-03-31T13:34:39Z
There's no equivalent remark on their IP space (185.132.53.0/24 and 2a0f:9400:6119::/48) yet.
dredmorbius
Does anyone know what standards / processes are for de-peering, or as in this case, revoking ASN entirely, of rogue networks?
The notion of ignoring networks (ASNs) which have predominantly hostile traffic at the BGP level has been bandied about for a long time, but so far as I know, most network operators are exceedingly reluctant to do this, absent a few, mostly political, instances. Israel and its Arab neighbours come to mind; my understanding is that direct network connections are limited, or at least were historically. There are a few other cases, largely between hostile nations.
Would RIPE be acting on the request of German legal authorities and/or courts, or on some other basis? And how would this be determined?
zamadatix
For small ASNs wanting new connections it's getting pretty common for peers to require an RPKI/ROA (a cryptographic verification system used to automatically configure what advertisements are accepted based on what resources your RIR says you have and what you crypto-sign on how you want to advertise them) instead of a LOA (letter of authorization, a document they can put on file saying what you intend to advertise). With this your RIR becomes the trust anchor (and signer, if you don't want to deal with delegation), so a revocation of the resources by the RIR should automatically result in your advertisements being rejected by your peering points in most cases like this going forward.
This is getting uptake because instead of the pitch to operators being "help validate internet advertisements" it's "now you don't have to manually configure accept policies or worry about misconfigured advertisements from clients".
https://www.arin.net/resources/manage/rpki/troubleshooting/#...
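A minimal route origin validation check for the RPKI/ROA mechanism described above, as an added example that is not code from the thread or from any RIR: it classifies an announcement against a constructed ROA set (the ASN and prefixes are the ones quoted in the thread; the max_length values and the "after revocation" state are assumptions) to show why an RIR withdrawing an ASN's ROAs turns its announcements into something peers doing ROV stop accepting.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Added example, not code from the thread or from RIPE/ARIN: RFC 6811 route
# origin validation. An ROA states "this prefix may be originated by this ASN,
# with announcements no longer than max_length". The RIR signs ROAs for the
# resources it allocated, so when it deregisters an ASN and withdraws its ROAs,
# peers that filter on ROV no longer see the announcement as VALID.

@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int

def roa(prefix: str, max_length: int, asn: int) -> ROA:
    return ROA(ipaddress.ip_network(prefix, strict=True), max_length, asn)

def validate(prefix: str, origin_asn: int, roas: list[ROA]) -> str:
    """Return VALID, INVALID or NOT_FOUND for one announcement (RFC 6811 s.2)."""
    net = ipaddress.ip_network(prefix, strict=True)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "NOT_FOUND"      # no ROA covers this prefix at all
    for r in covering:
        if r.asn == origin_asn and net.prefixlen <= r.max_length:
            return "VALID"
    return "INVALID"            # covered, but wrong origin AS or too specific

def withdraw(roas: list[ROA], asn: int) -> list[ROA]:
    """Model the RIR revoking every ROA it signed for one ASN."""
    return [r for r in roas if r.asn != asn]

# Constructed ROA set using the ASN and prefixes quoted in the thread;
# max_length equal to the prefix length (exact-length only) is an assumption.
ROAS_BEFORE = [roa("185.132.53.0/24", 24, 202437),
               roa("2a0f:9400:6119::/48", 48, 202437)]
ROAS_AFTER = withdraw(ROAS_BEFORE, 202437)   # state after deregistration

if __name__ == "__main__":
    cases = [("185.132.53.0/24", 202437, ROAS_BEFORE),   # legitimate, before
             ("185.132.53.0/25", 202437, ROAS_BEFORE),   # longer than max_length
             ("185.132.53.0/24", 64496, ROAS_BEFORE),    # different origin AS
             ("185.132.53.0/24", 202437, ROAS_AFTER)]    # after ROAs withdrawn
    for prefix, asn, roas in cases:
        print(f"{prefix:22} AS{asn:<7} {validate(prefix, asn, roas)}")
```

Whether NOT_FOUND is accepted is a local policy choice; most operators drop only INVALID, which is why revocation alone may not cut a network off until its ROAs are gone and its transit providers act.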
zinekeller
> Would RIPE be acting on the request of German legal authorities and/or courts, or on some other basis? And how would this be determined?
This is a guess but either a) giving out incorrect information (which is a clear basis, all AS operators must be either a person or a legal company, yes you could practically bypass this by registering a shell company but considering that they've used PayPal I'm pretty sure that they have not planned this well) or b) a German or Hessian (it seems that it's registered in Hesse) court might have forcibly transferred the legal entity to the state, in which case since the state now owns the entity they could simply file paperwork to voluntarily relinquish the AS.
Depeering is much easier: all major transit networks have a provision in their contract to terminate the transit if it's unnecessarily burdening their systems or if it is used for malicious purposes.
walrus01
Small hosting operators usually have few actual paid IP transit upstreams (2 or 3 max), which can credibly disconnect them based on criminal activity.
They also usually have a small number of actual manually-configured peers, and if they're a member of an IX, they use the route servers instead. Very easy for an IX to disconnect a criminal entity.
Disconnecting a HUGE network that has a large portion of abusive traffic is much harder, like trying to BGP blackhole some major ISPs in China.
saltminer
Off-topic, but why do these seizure notices always look like shitposts? They always give off "graphic design is my passion" vibes.
hnbad
Design by committee (did you see how many organizational logos are on there?) plus "but make it look more cyber" plus literally done by an office worker who has no formal design training.
wodenokoto
Yeah, they look like what a 90s movie imagines they'd look like.
expertentipp
It's because of the ratio between how much it cost the taxpayer and how much the intern creating it was paid. Every person in the pipeline was a highly paid best-in-class expert. In fact no pixel is accidentally in its place.
MrDunham
> The U.K.’s National Crime Agency announced last week that it’s been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.
This... might actually be effective.
One major reason I stopped using Kazaa/LimeWire back in the day was growing fear (and experience) with files being laced with malware.
Throw out enough landmines to make someone think every service could be a trap... seems smart.
expertentipp
Basically DDoS for hire has become like torrenting, the real estate market, and online dating. Where are young people supposed to have fun?! All they're left with is gaming and gambling.
erulabs
fly.io's evil twin :O
arp242
Shouldn't have flown in that telepod.
mrkurt
[flagged]
shahidkarimi
I used their services multiple times
medion
What for more specifically and why? Just out of curiosity.
rejectfinite
Looks like they can also be used as a normal hosting company...?
Desmondeileen
[dead]
I wonder what sort of person is aware enough of DDoS attacks to want to buy one, savvy enough to find where to buy one, yet dumb enough to pay with PayPal. Or accept PayPal if you ran such a service. Given, it says the people running it were 16-24 and adolescent hubris knows no bounds... Maybe the customers were the same general age as the owners?