Quantcast

Spy-jacking the Booters 4: The CloudFlare and PayPal Dilemma

The key spotlight in this part of the presentation is on the issue of legit services like CloudFlare and PayPal being used by booters to stay online and afloat.

Rage Booter, pretty much like every single one of these booters out there, was hidden behind CloudFlare, and as I’m sure most of you know, this content distribution network, ironically, is used probably most often to keep sites online in face of lots of traffic, particularly DDoS attacks. Apparently, running a DDoS-for-hire service kind of makes you a target for competing DDoS-for-hire services. So, if they’re not behind CloudFlare the whole thing falls apart.

That got me to thinking – if CloudFlare said they wouldn’t be dealing with these guys anymore and they would kick all those booter services off their network, it would be a very good chance that this problem would kind of take care of itself. So I asked CloudFlare about this, and Matthew Prince, the CEO, referred me to a blog post that he’d put up last summer, in which he basically said: “Look, we don’t want to go there. We don’t want to be the arbiter of what kind of content we want to allow on our networks, because this is a slippery slope.”

Matthew Prince’s blog post referred to

Matthew Prince’s blog post referred to

Allow me to quote from that post (see right-hand image). He basically says: “CloudFlare is firm in our belief that our role is not that of Internet censor. There are tens of thousands of websites currently using CloudFlare’s network. Some of them contain information I find troubling. Such is the nature of a free and open network and, as an organization that aims to make the whole Internet faster and safer, such inherently will be our ongoing struggle. While we will respect the laws of the jurisdictions in which we operate, we do not believe it is our decision to determine what content may and may not be published. That is a slippery slope down which we will not tread.”

Okay, I get this. As a journalist, I’m a big backer and proponent of the First Amendment. I think people should be able to put whatever the hell they want on the Internet, and if it offends you – too bad. But in this case, I think there are two – I don’t know if you could call it conflict of interest – but for me, first of all, the purpose of these booter sites is to take sites offline, basically to stifle speech. And number two, CloudFlare – they’re basically a big DDoS protection, and the fact that they are harboring all these booter services and not really making an effort to get them off their network – it seems like a conflict of interest.

PayPal's response

PayPal’s response

I reached out to PayPal as well, because I sort of thought this was the other way that this booter industry would just fall apart, if these guys weren’t able to take PayPal. And PayPal responded (see right-hand image). They basically said: “Hey, we take security very seriously at PayPal and do not condone the use of our site in the sale or dissemination of tools, which have the sole purpose to attack customers and illegally take down websites.” Oddly enough, I think Rage Booter is still online, it’s still able to accept PayPal payments, as is Booter.tw – the booter services that got me interested in this whole thing in the first place.

Given that a lot of these script kiddies on Hack Forums who are running these booter services are here in the U.S., it might not be unreasonable to expect that at some point – and they have no OPSEC – they’re going to get a visit from the feds or from the local cops. But maybe not, if the Hack Forums that has become the breeding ground for these businesses is actually working with the feds itself.

Hack Forums admin’s post

Hack Forums admin’s post

I discovered something really interesting about the administrator of Hack Forums. He’s a 40-something guy named Jesse Labrocca, he lives right here in Las Vegas actually. In mid-2010, Jesse seemed to be taking steps to clean up Hack Forums (see left-hand image). There were a lot of guys on there that were going: “We’re selling banking Trojans, Zeus botnet stuff, carding, all kinds of things.” And then Jesse said: “You know what? If you guys want to talk about all that stuff, do it somewhere else, you need to get off my site. And by the way, if you really want to do that, we’re creating a new forum for you guys, and if you want to get on just message me for an invite code – and you’ll be good to go.” And he also said: “For all of you Hack Forums members who have VIP status,” which is basically a paid status there, – “Your VIP status will transfer over to this new site.”

The infamous fake carding forum

The infamous fake carding forum

Well, that new carding site turned out to be Carderprofit.cc (see right-hand image), which was a fake carding forum set up by the FBI. And here’s where this comes full circle. I’d been kind of sitting on this information up to this talk, but I recently discovered that the kid who swatted me and used Booter.tw to DDoS my site was the same kid who was primarily responsible for building Exposed.su site that was doxing all the celebrities and the public officials.

The Hacker 'God' story

The Hacker ‘God’ story

I mentioned the story of Mat Honan’s epic hack – he did a follow-up not only after that, where he wrote a piece called “Cosmo, the Hacker ‘God’ Who Fell to Earth” (see left-hand image). It was about a 16-year-old kid from Long Beach, CA, who was responsible for a lot of the UG Nazi attacks, the kind of the LulzSec and Anonymous stuff. And he was one of the guys that Phobia I mentioned earlier was very tight with; Phobia – the same guy who acknowledged hacking into Mat Honan’s iCloud account. This 16-year-old kid from Long Beach was among two dozen members of Carderprofit.cc that were arrested last fall for allegedly trading stolen credit card accounts and other data.

FBI carding operation report

FBI carding operation report

Incidentally, those who read the Wired story about this kid Cosmo are going to know that this is the same guy who took credit for hacking into the Gmail accounts of CloudFlare CEO Matthew Prince. And the crazy thing about the CloudFlare hack – I don’t know how many of you remember this – but, basically, Cosmo and his pals mainly used it to redirect 4chan’s DNS to UG Nazi Twitter feed. But they could have done a heck of a lot more damage with that hack.

Now I’m going to ask Lance to come up and bring up the rest of it. Thank you!
 

Read previous: Spy-jacking the Booters 3: Owner Profiles

Read next: Spy-jacking the Booters 5: Tracking the Fraudsters Down

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: