In an effort to lower the entrance barrier for malicious activity, the U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that provided services to carry out distributed denial-of-service (DDoS) cyberattacks on behalf of other threat actors.
Additionally, six individuals were charged for their alleged ownership of the operation: Jeremiah Sam Evans Miller (age 23), Angel Manuel Colon Jr. (age 37), Shamar Shattock (age 19), Cory Anthony Palmer (age 22), John M. Dobbs (age 32), and Joshua Laing (age 32).
According to a news release from the DoJ, the websites “enabled paying users to launch effective distributed denial-of-service, or DDoS, attacks that overwhelm targeted computers with data and prevent them from being able to access the internet.”
The six defendants are accused of operating a number of booter (or stresser) services, including RoyalStresser[.]com, SecurityTeam[.]io, Astrostress[.]com, Booter[.]sx, IPStresser[.]com, and TrueSecurityServices[.]io. Additionally, they are charged with breaking the Computer Fraud and Abuse Act.
These websites, despite purporting to offer testing services to evaluate the web infrastructure resilience of paying customers, are suspected to have targeted a number of victims in the United States and overseas, including educational institutions, governmental organizations, and gambling platforms.
The DoJ observed that sites for DDoS-for-hire were used to attack millions of people. More than a million registered users of IPStresser[.]com carried out or attempted to carry out more than 30 million DDoS attacks between 2014 and 2022, according to court filings.
The booter site administrators and their clients’ interactions were examined by the U.S. Federal Bureau of Investigation (FBI), who discovered that cryptocurrency was used to pay for the services.
Since they can pay for an existing network of infected devices rather than building their own, “established booter and stresser services offer a straightforward mechanism for criminal actors to launch DDoS attacks,” according to the FBI. “Booter and stresser services may help obfuscate DDoS activity attribution.”
Four years ago, in December 2018, the DoJ and FBI took similar action to seize 15 domains that promoted computer attack platforms like Critical-boot[.]com, RageBooter[.]com, downthem[.]org, quantumstress[.]net, Booter[.]ninja, and Vbooter[.]org.
Webstresser[.]org, which allowed registered users to rent out its services for initiating DDoS attacks against banks, governments, and the gaming industry, was also shut down as part of an April 2018 exercise organized by Europol.
The domain takedowns are a part of an ongoing coordinated law enforcement operation code-named Operation PowerOFF involving authorities from the U.K., the Netherlands, Germany, Poland, and Europol with the goal of destroying criminal DDoS-for-hire infrastructures around the world.