The Justice Department has taken 15 internet domains associated with DDoS-for-hire services offline, and has filed charges against three defendants who allegedly ran them.
DDoS-for-hire, or DDoS-as-a-service, operations make it simple for any layperson to carry out DDoS attacks, flooding a site or IP address with so much internet traffic that it is overwhelmed and knocked offline. Stresser or booter services, as they’re known, allow users to pay a low-cost fee to direct those traffic floods at their intended targets, with no need for deep technical knowledge.
“The attack-for-hire websites targeted in this investigation offered customers the ability to disrupt computer networks on a massive scale, undermining the internet infrastructure on which we all rely,” said United States Attorney Nick Hanna, in a statement issued Thursday. “While this week’s crackdown will have a significant impact on this burgeoning criminal industry, there are other sites offering these services – and we will continue our efforts to rid the internet of these websites. We are committed to seeing the internet remain a forum for the free and unfettered exchange of information.”
The DoJ noted that gaming sites are a popular target for these types of attacks in particular, as players often mount retaliatory attacks against sites for blacklisting them, or against individual rival players.
“The action against the DDoS services comes the week before the Christmas holiday, a period historically plagued by prolific DDoS attacks in the gaming world,” the DoJ said in the statement.
The FBI on Wednesday seized the domains of 15 top booter services, including critical-boot.com, ragebooter.com, downthem.org and quantumstress.net.
“Each of the services was tested by the FBI, which verified those DDoS attack services offered through each of the seized websites,” the department said. “While testing the various services, the FBI determined that these types of services can and have caused disruptions of networks at all levels.”
In tandem with the site takedowns, federal prosecutors in Los Angeles on Wednesday filed a criminal complaint against two men for conspiring to violate the Computer Fraud and Abuse Act, while the United States Attorney’s Office for the District of Alaska last week charged another with aiding and abetting computer intrusions.
Matthew Gatrel of St. Charles, Ill., and Juan Martinez of Pasadena, Calif., are suspected of operating two stresser services known as Downthem and Ampnode; in the second case, David Bukoski, 23, of Hanover Township, Penn., is charged with operating Quantum Stresser, one of the longest-running DDoS services in operation.
The department gave a snapshot of the scope of the activity. “Between October 2014 and November 2018, Downthem’s database showed over 2,000 customer subscriptions, and had been used to conduct, or attempt to conduct, over 200,000 DDoS attacks,” the DoJ said. It added, “As of late last month, Quantum had over 80,000 customer subscriptions dating back to its launch in 2012. In 2018 alone, Quantum was used to launch over 50,000 actual or attempted DDoS attacks targeting victims worldwide, including victims in Alaska and California.”
This is the second major DDoS takedown this year. In April, Europol dismantled Webstresser[.]org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world. A multi-national investigation led to the arrest of the administrators of the site, which sold the capability to knock websites offline and take down domains for as little as $18 per month. Investigators also shut down the service completely and seized its infrastructure, which was installed in the Netherlands, the US and Germany.