The Krebs on Security website, which reported in detail on the company in September last year after its database had been hacked, said the arrests of the likely owners of the vDOS site, Yarden “applej4ck” Bidani and Itay “p1st” Huri, took place on 8 August.
The charges listed were conspiring to commit a felony, prohibited activities, tampering with or disrupting a computer, and storing or disseminating false information.
The owner of the site, Brian Krebs, wrote that the Israeli state attorney's office had said the two could not be named because their alleged offences had been committed when they were minors.
Krebs noted that many of the details matched earlier reports about Bidani and Huri. Israeli prosecutors said the two reaped more that US$600,000 in two of the four years that vDOS had been in operation. The site was shut down soon after their initial detention in September 2016.
The prosecutors alleged: “The defendants were constantly improving the attack code and finding different network security weaknesses that would enable them to offer increased attack services that could overcome existing defences and create real damage to servers and services worldwide.
“Subscribers were able to select an ‘attack’ package from the various packages offered, with the packages classified by the duration of each attack in seconds, the number of simultaneous attacks and the magnitude of the attack in gigabits per second, and their prices ranged from US$19.99 to US$499.99.”
Krebs said the lawyers for the two men had said their clients were only running a defensive "stresser" service that was hawked to clients who wanted to test their sites for resilience against large cyber attacks.
At the peak of its profitability in mid-2015, vDOS was earning the two men more than US$42,000 a month paid through Bitcoin and PayPal, Krebs claimed, citing analysis of the leaked vDOS database by New York University researchers.