Sting op takes down 50 DDoS-for-hire domains, seven people collared
Cops give denial-of-service sites an extra special denial of service
Police around the globe have seized as many as 50 internet domains said to be involved in tens of millions of distributed-denial-of-service (DDoS) attacks worldwide. Seven people were collared during the swoop.
The so-called "booter" websites sold "some of the world's leading DDoS-for-hire services," allowing paying customers to launch these network-flooding cyberattacks against chosen victims, according to the US Justice Department, which announced 48 domain seizures and criminal charges against six individuals on Wednesday.
Europol put the number of takedowns that were part of this Operation Power Off at 50, and said one of the nefarious sites had been used to deploy more than 30 million attacks. In addition to a total of seven suspected booter site administrators detained thus far, "further actions [are] planned against the users of these illegal services," the European cops said.
While some of the sites claimed to offer "stresser" services, ostensibly to help organizations test whether their networks could withstand a DDoS flood, the FBI reviewed "thousands of communications between booter site administrators and their customers; these communications make clear that both parties are aware that the customer is not attempting to attack their own computers," according to an FBI affidavit filed in support of court-authorized warrants to seize the sites.
These DDoS-for-hire services have been used against a wide array of victims around the globe, including educational institutions, government agencies, gaming platforms and millions of individuals, and the timing of the takedown isn't a coincidence, we're told. The Christmas holiday season usually brings a flurry of DDoS attacks against websites, both to disrupt sales and because IT admins are often on paid time off.
Also related to the website seizures, the FBI, the UK's National Crime Agency, and the Netherlands police have launched an advertising campaign across search engines in which the ads are triggered by keywords associated with DDoS activities. The ads aim to deter would-be cybercriminals searching for DDoS services and to educate the public.
In addition to the DDoS domain takedowns, authorities in the US filed charges against six defendants who each allegedly operated at least one booter website. For each one, the FBI posed as a customer and conducted test attacks to confirm that the DDoS-for-hire site functioned as advertised.
The alleged criminals are:
Jeremiah Sam Evans Miller, aka "John The Dev," 23, of San Antonio, Texas. He is charged with conspiracy to violate and violating the Computer Fraud and Abuse Act related to the alleged operation of a booter service named RoyalStresser.com, formerly known as Supremesecurityteam.com.
Angel Manuel Colon Jr., aka "Anonghost720" and "Anonghost1337," 37, of Belleview, Florida, who is charged with conspiracy to violate and violating the Computer Fraud and Abuse Act related to the alleged operation of a service named SecurityTeam.io.
Shamar Shattock, 19, of Margate, Florida, who is charged with conspiracy for allegedly running a booter service known as Astrostress.com.
Cory Anthony Palmer, 22, of Lauderhill, Florida, who is charged with conspiracy for allegedly running a service known as Booter.sx.
John M. Dobbs, 32, of Honolulu, Hawaii, who is charged with aiding and abetting violations of the Computer Fraud and Abuse Act related to the alleged operation of a booter service named Ipstressor.com, also known as IPS, between 2009 and November 2022.
Joshua Laing, 32, of Liverpool, New York, who is charged with aiding and abetting violations of the Computer Fraud and Abuse Act related to the alleged operation of a booter service named TrueSecurityServices.io between 2014 and November 2022.
The National Crime Agency did not name the suspected UK site administrator arrested in relation to the DDoS operation. ®