Feds Seize 48 DDoS-for-Hire Domains, Charge Six Individuals

This week, the U.S. Department of Justice (DoJ) authorized the FBI to take down 48 domains engaged in distributed denial-of-service (DDoS) attacks. Law enforcement agencies are also charging six defendants responsible for operating DDoS booter services.

The Department of Justice’s press release states these 48 websites were a front for launching millions of DDoS attacksOpens a new window globally. Europol addedOpens a new window that one of these sites was used to carry out more than 30 million DDoS attacks. Operators of these websites marketed themselves as “booter” or “stressor” services, i.e., to stress-test the underlying bandwidth.

However, an investigation revealed that these 48 websites were actually carrying out DDoS-for-hire operations to enable any technically unskilled and paying user to ‘boot’ a target off the internet. DDoS attacks generally involve requesting overwhelming traffic from websites, thereby knocking them off.

After reviewing the communication between site administrators and customers, the feds discovered malice, which indicated “that both parties are aware that the customer is not attempting to attack their own computers.”

The websites in question have been used to target educational institutions, government agencies, gaming platforms and millions of individuals in exchange for money paid in cryptocurrency. “Some sites use the term ‘stresser’ in an effort to suggest that the service could be used to test the resilience of one’s own infrastructure,” noted FBI special agent Elliott Peterson in an affidavit.

“However… I believe this is a façade and that these services exist to conduct DDoS attacks on victim computers not controlled by the attacker, and without the authorization of the victim.”

See More: C2-as-a-Service Portal Dark Utilities Now Boasts Over 3,000 Criminal Subscribers

Besides the FBI, the law enforcement action, dubbed Operation PowerOFF, also involved participation from the U.K.’s National Crime Agency, the Netherlands Police, Europol, and the Brandon Police Service of Canada which resulted in the seizure of the following websites:

The six individuals arrested and charged include John M. Dobbs (32, Honolulu, HI), Joshua Laing (32, of Liverpool, NY), Jeremiah Sam Evans aka “John The Dev” (23, San Antonio, TX), Angel Manuel Colon Jr. “Anonghost720” and “Anonghost1337,” (37, Belleview, FL), Shamar Shattock (19, of Margate, FL), and Cory Anthony Palmer (22, of Lauderhill, FL).

Shattock and Palmer were charged with allegedly running respective booter services, while Miller, Colon Jr., Dobbs, and Liang were charged with conspiracy to violate the computer fraud and abuse act along with running booter services.

All six defendants are expected to appear before a court in early 2023. “Each defendant allegedly operated at least one website that offered one-stop DDoS services and subscriptions of various lengths and attack volumes,” the DoJ press release readsOpens a new window . “In each of these criminal cases, the FBI posed as a customer and conducted test attacks to confirm that the booter site functioned as advertised.”

The U.S. government’s previous action against DDoS-for-hire services includes the takedown of 15 domains.

Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!

Image source: Shutterstock

MORE ON CYBERATTACKS

• Pro-Russia Killnet Group Takes Down the European Parliament Website
• How CLDAP Reflectors Enable DDoS Attacks & Ways to Reduce Your Exposure
• Number of CLDAP Reflectors Shot Up by 60% in 2022, Amplifying DDoS Risks
• Killnet Targets U.S. Airports in New Wave of DDoS Attacks, Calls on Hacktivists to Target Civilian Infrastructure