As part of an ongoing initiative to combat cybercrime, the Justice Department has announced the court-authorized seizure of 13 internet domains associated with DDoS-for-hire services.
This marks the third wave of U.S. law enforcement actions against prominent booter services that allowed paying users to launch powerful distributed denial-of-service (DDoS) attacks, which flood targeted computers with information and prevent them from being able to access the internet.
Data relating to the operation of booter sites previously seized by law enforcement show that hundreds of thousands of registered users have used these services to launch millions of attacks against millions of victims. School districts, universities, financial institutions and government websites are among the victims who have been targeted in attacks launched by booter services.
Ten of the 13 domains seized today are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services. For example, one of the domains seized this week – cyberstress.org – appears to be the same service operated under the domain cyberstress.us, which was seized in December. While many of the previously disrupted booter services have not returned, today’s action reflects law enforcement’s commitment to targeting those operators who have chosen to continue their criminal activities.
Authorities emphasized that investigations into booter services remain ongoing.
In relation to the domains seized this week, the FBI opened or renewed accounts with each booter service and used cryptocurrency to pay for subscription plans. Each service was tested by using the website to launch DDoS attacks on computers controlled by the FBI.
The FBI then observed the effects of the attacks at their “victim” computers, confirming that the booter websites operated as advertised. In some cases, despite the “victim” computer being on a network with a large amount of capacity, the test attack was so powerful that it completely severed the internet connection.
In addition to harming victims by disrupting or degrading access to the internet, attacks from booter services can also completely sever internet connections for other customers served by the same internet service provider via a shared connection point.
“Victims who are attacked by such services, or those providing Internet services to the victims, often have to ‘overprovision,’ that is, pay for increased Internet bandwidth in order to absorb the attacks, or subscribe to DDoS protection services, or purchase specialized hardware designed to mitigate the effects of DDoS attacks,” according to the affidavit in support of the seizure warrants filed this week. “The prices of such overprovision or DDoS protection services are usually significantly more expensive than the cost of a given booter service.”
In conjunction with the domain seizures, the Justice Department announced today that four defendants charged in Los Angeles in late 2022 pleaded guilty earlier this year to federal charges and admitted that they operated or participated in the operation of booter services. Those defendants are:
- Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, who pleaded guilty on April 6 to conspiracy and violating the Computer Fraud and Abuse Act related to the operation of a booter service named RoyalStresser.com (formerly known as Supremesecurityteam.com);
- Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, who pleaded guilty on February 13 to conspiracy and violating the Computer Fraud and Abuse Act related to the operation of a booter service named SecurityTeam.io;
- Shamar Shattock, 19, of Margate, Florida, who pleaded guilty on March 22 to conspiracy to violate the Computer Fraud and Abuse Act related to the operation of a booter service known as Astrostress.com; and
- Cory Anthony Palmer, 23, of Lauderhill, Florida, who pleaded guilty on February 16 to conspiracy to violate the Computer Fraud and Abuse Act related to the operation of a booter service known as Booter.sx.
All four defendants are scheduled to be sentenced this summer.
Bijay Pokharel