The researcher said that shortly after his test, the IP he used to log into one of the leaked accounts was bombarded by an ICMP flood.
“I suspect they were aware of the leak and were watching for logins of those accounts,” Farmer told Bleeping.
The researcher provided your reporter a short video of the attack, along with the screenshot below, showing the ICMP flood in progress.
TrueStresser is a Defcon.pro customer
Looking closer at the dumped API calls, we can see that TrueStresser is actually renting infrastructure from another DDoS booter service called Defcon.pro.
The leaked API calls are in the same format as the Defcon API documentation, accessible in the Defcon.pro control panel.
The entire situation is eerily similar to the PoodleStresser-vDos chain of events. In August 2016, an unknown party breached and leaked the PoodleStresser database, which was later tied to another DDoS-for-hire service named vDos, the larger provider of DDoSing infrastructure at the time.
On its website, Defcon.pro claims to serve over 7,700 customers. A counter showed that customers used the service to launch over 3,900 attacks today, September 1, at the time of writing, and over 117,000 DDoS attacks in total.
In the API documentation, Defcon.pro operators claim to be able to launch the following types of DDoS attacks:
The Defcon.pro website also lists the following features:
Easy to use interface
Neither TrueStresser staff nor Defcon.pro admins responded to a request for comment.