FBI seizes 48 domains linked to DDoS-for-hire services: six charged in connection

“Stresser” and “Booter” platforms shut down

Six charged, 48 domains seized by the FBI

On Wednesday, the U.S. Department of Justice (DoJ) announced[1] that it had seized 48 domains that offered DDoS services to other potential cybercriminals. Six suspects have also been charged for their part in operating the “Stresser” or “Booter” platforms, which lowered the threshold for malicious activity and made it easier for anyone to commit these crimes.

The FBI has shut down websites that allowed users to illegally pay for DDoS attacks. These types of attacks overload the target computer with information, which then gets “booted” from the internet (hence the name). Stresser platforms offer functionality identical to DDoS features, although they are meant for genuine testing of web service reliability. The FBI has determined that these services were fake and were in fact used for malicious purposes.

Booter services were broadly used against targets in the United States as well as other countries and targeted government agencies, the education sector, gaming platforms, and millions of individuals around the world. Not only can cyber attacks target specific individuals, but they can also cause widespread internet outages and disruptions.

The operation

The analysis of messages between the perpetrators behind booter sites and their customers, done by the U.S. Federal Bureau of Investigation (FBI), showed that these services are paid for using cryptocurrency.

Each customer has to create an individual account, which then allows them to begin malicious activity against their targets. Booter and stresser services strengthen a malicious actor's ability to conduct DDoS attacks by permitting the individual to pay for an already established network of infected devices rather than having to create their own.

While these services are presented as legitimate – those who sign up must agree to terms that forbid the use of DDoS and similar attacks – many of them were widely promoted on underground forums. In fact, the owners themselves were found promoting their services and providing coupons on illegitimate websites.

The six suspects behind the operation were Jeremiah Sam Evans Miller, Angel Manuel Colon Jr., Shamar Shattock, Cory Anthony Palmer, John M. Dobbs, and Joshua Laing, all between 18 and 37 years of age.

The perpetrators were charged with the operation of the following “booter” and “stresser” domains:

  • RoyalStresser[.]com,
  • SecurityTeam[.]io,
  • Astrostress[.]com,
  • Booter[.]sx,
  • IPStresser[.]com,
  • TrueSecurityServices[.]io.

Millions of attacks conducted

The United States Department of Justice (DoJ) has reported that millions of individuals were victims of DDoS attacks using DDoS-for-hire platforms. Court documents reveal that over one million registered users of IPStresser[.]com carried out or attempted to carry out more than 30 million DDoS attacks between 2014 and 2022.

The coordinated seizure of 48 domains occurred right before Christmas – a period notorious for DDoS attacks against gaming servers. Back in 2018, the FBI seized 15 domains that were highly associated with attacks against the gaming industry – also right before Christmas. At the time, Bukowski, Gatrel, and Martinez were also presented with criminal charges for violating the Computer Fraud and Abuse Act.[2]

This latest round of domain takedowns is part of an ongoing law enforcement effort, codenamed Operation PowerOFF, that includes partners in the UK, Netherlands, and Europol. The aim is to dismantle criminal DDoS-for-hire infrastructures worldwide.[3]

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
