Frederick Brennan, an administrator of the 8chan forum who said that the website has been under DDoS attacks from Hola’s network, raised the issue. “They [Hola] recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at http://luminati.io,” said Brennan on the forum. “An attacker used the Luminati network to send thousands of legitimate-looking [requests to 8chan] in 30 seconds, representing a 100x spike over peak traffic.”
It has been mentioned that the attack originated from a user named BUI, who later revealed that he used Hola’s Luminati service. Hola users have taken to Reddit to express their anger for having been misled about the service. “**** knows who has been using my internet connection!! And for what?!,” said one user.
On the other hand, Hola’s founder Ofer Vilenski did not deny the fact. While talking to Torrentfreak website he said, “We have always made it clear that Hola is built for the user and with the user in mind. We’ve explained the technical aspects of it in our FAQand have always advertised in our FAQ the ability to pay for non-commercial use.”
There is a reason of course why Hola’s free tier seems too good to be true. Hola makes money by providing a premium or paid Luminati service, and the bandwidth provided for these premium subscribers is taken from the machines of Hola users when idle. As Torrentfreak explains, “Hola users get their service for free as long as they’re prepared to let Hola hand their resources to Luminati for resale. Any users who don’t want this to happen can buy Hola for $5 per month.”
Torrentfreak also points out that the site’s FAQ page was only recently updated with information about what free users’ bandwidth was being used by Luminati.
As for 8chan, Hola founder Vilenski had elaborated to Torrentfreak, “8chan was hit with an attack from a hacker with the handle of BUI. This person then wrote about how he used the Luminati commercial VPN network to hack 8chan. He could have used any commercial VPN network, but chose to do so with ours… If 8chan was harmed, then a reasonable course of action would be to obtain a court order for information and we can release the contact information of this user so that they can further pursue the damages with him… We have communicated directly with the founder of 8Chan to make sure that once we terminated BUI’s account they’ve had no further problems, and it seems that this is the case.”
He added that since the 8chan DDoS attack, the company has improved its screening process of Luminati users to ensure such a case does not happen again.