The Justice Department today announced the court-authorized seizure of 13 internet domains associated with these DDoS-for-hire services.
The seizures this week are the third wave of U.S. law enforcement actions against prominent booter services that allowed paying users to launch powerful distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet.
Data relating to the operation of booter sites previously seized by law enforcement show that hundreds of thousands of registered users have used these services to launch millions of attacks against millions of victims. School districts, universities, financial institutions, and government websites are among the victims who have been targeted in attacks launched by booter services.
Ten of the 13 domains seized are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services.
“Victims who are attacked by such services, or those providing Internet services to the victims, often have to ‘overprovision,’ that is, pay for increased Internet bandwidth in order to absorb the attacks, or subscribe to DDoS protection services, or purchase specialized hardware designed to mitigate the effects of DDoS attacks,” according to the affidavit in support of the seizure warrants filed this week. “The prices of such overprovision or DDoS protection services are usually significantly more expensive than the cost of a given booter service.
In conjunction with the domain seizures, the Justice Department announced today that four defendants charged in Los Angeles in late 2022 pleaded guilty earlier this year to federal charges and admitted that they operated or participated in the operation of booter services. Those defendants are:
- Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, who pleaded guilty on April 6 to conspiracy and violating the computer fraud and abuse act related to the operation of a booter service named RoyalStresser.com (formerly known as Supremesecurityteam.com);
- Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, who pleaded guilty on February 13 to conspiracy and violating the computer fraud and abuse act related to the operation of a booter service named SecurityTeam.io;
- Shamar Shattock, 19, of Margate, Florida, who pleaded guilty on March 22 to conspiracy to violate the computer fraud and abuse act related to the operation of a booter service known as Astrostress.com; and
- Cory Anthony Palmer, 23, of Lauderhill, Florida, who pleaded guilty on February 16 to conspiracy to violate the computer fraud and abuse act related to the operation of a booter service known as Booter. sx.
All four defendants are scheduled to be sentenced this summer.
Assistant United States Attorneys Cameron L. Schroeder, Chief of the Cyber and Intellectual Property Crimes Section, and Aaron Frumkin, also of the Cyber and Intellectual Property Crimes Section, are prosecuting the criminal cases. Assistant United States Attorney James E. Dochterman of the Asset Forfeiture and Recovery Section is handling the seizure of the domains.
The cases announced today are being investigated by the FBI’s Anchorage and Los Angeles field offices.
