The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service (DDoS) attacks on behalf of other threat actors, services that effectively lower the barrier to entry for malicious activity.
It also charged six suspects – Jeremiah Sam Evans Miller (23), Angel Manuel Colon Jr. (37), Shamar Shattock (19), Cory Anthony Palmer (22), John M. Dobbs (32), and Joshua Laing (32) – for their alleged ownership in the operation.
The websites "allowed paying users to launch powerful distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet," the DoJ said in a press statement.
The six defendants have been charged with running various booter (or stresser) services, including RoyalStresser[.]com, SecurityTeam[.]io, Astrostress[.]com, Booter[.]sx, IPStresser[.]com, and TrueSecurityServices[.]io. They have also been accused of violating the Computer Fraud and Abuse Act.
These websites, although claiming to provide testing services to assess the resilience of a paying customer's web infrastructure, are believed to have targeted several victims in the U.S. and elsewhere, such as educational institutions, government agencies, and gaming platforms.
The DoJ noted that millions of individuals were attacked using the DDoS-for-hire platforms. According to court documents, over one million registered users of IPStresser[.]com conducted or attempted to carry out more than 30 million DDoS attacks between 2014 and 2022.
An analysis of communications between the booter site administrators and their customers undertaken by the U.S. Federal Bureau of Investigation (FBI) showed that the services were obtained through a cryptocurrency payment.
"Established booter and stresser services offer a convenient means for malicious actors to conduct DDoS attacks by allowing such actors to pay for an existing network of infected devices, rather than creating their own," the FBI said. "Booter and stresser services may also obscure attribution of DDoS activity."
The development comes four years after the DoJ and FBI took similar steps in December 2018 to seize 15 domains that advertised computer attack platforms like Critical-boot[.]com, RageBooter[.]com, downthem[.]org, quantumstress[.]net, Booter[.]ninja, and Vbooter[.]org.
An April 2018 exercise led by Europol likewise saw the disruption of Webstresser[.]org, which enabled registered users to pay as little as €15 a month to rent out its services for launching DDoS attacks against banks, governments, and the gaming sector.
The domain takedowns are part of an ongoing coordinated law enforcement effort codenamed Operation PowerOFF, in collaboration with authorities from the U.K., the Netherlands, Germany, Poland, and Europol, aimed at dismantling criminal DDoS-for-hire infrastructures worldwide.