As Part of International Efforts Targeting So-Called ‘Booter’ Services,
FBI Seizes 48 Internet Domains that Offered DDoS-for-Hire Services
LOS ANGELES
The Justice Department Wednesday announced the court-authorized seizure of 48 internet domains associated with some of the world’s leading DDoS-for-hire services
Federal prosecutors charged six defendants who allegedly oversaw computer attack platforms commonly called “booter” services.
The FBI is now seizing the websites that allowed paying users to launch powerful distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and prevent them from accessing the internet.
Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad,
Prosecutors stated that this includes educational institutions, government agencies, gaming platforms, and millions of individuals.
In addition to affecting targeted victims, these attacks can significantly degrade internet services and disrupt internet connections.
The websites targeted in this operation were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide.
While some of these services claimed to offer “stresser” services that could purportedly be used for network testing, officials stated that the FBI determined these claims to be a pretense, and “thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers,” according to an affidavit filed in support of court-authorized warrants to seize the booter sites.
The coordinated law enforcement action comes just before the Christmas holiday period, which typically brings a significant increase in DDoS attacks across the gaming world, officials noted.
In conjunction with the website seizures, the FBI, the United Kingdom’s National Crime Agency, and the Netherlands Police have launched an advertising campaign using targeted placement ads in search engines triggered by keywords associated with DDoS activities.
The purpose of the ads is to deter potential cyber criminals searching for DDoS services in the United States and around the globe, as well as to educate the public on the illegality of DDoS activities.
“These booter services allow anyone to launch cyberattacks that harm individual victims and compromise everyone’s ability to access the internet,” said U.S. Attorney Martin Estrada. “This week’s sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”
“Criminals are increasingly targeting essential services and our critical infrastructure with DDoS attacks that can cost victims valuable time, money and reputational harm,” said Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “Whether a criminal launches an attack independently or pays a skilled contractor to carry one out, the FBI will work with victims and use the considerable tools at our disposal to identify the person or group responsible. Victims of cybercrime are urged to contact their local FBI field office or file a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov.”
This week, law enforcement actions include filing charges against six defendants across the United States who allegedly offered booter services.
Each defendant allegedly operated at least one website that offered one-stop DDoS services and subscriptions of various lengths and attack volumes.
The FBI posed as a customer in these criminal cases and conducted test attacks to confirm that the booter site functioned as advertised.
Central District of California
Prosecutors in Los Angeles this week filed four criminal informations charging four defendants with running booter services.
The defendants charged in Los Angeles are:
- Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, who is charged with conspiracy to violate and violating the computer fraud and abuse act related to the alleged operation of a booter service named RoyalStresser.com (formerly known as Supremesecurityteam.com);
- Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, who is charged with conspiracy to violate and violating the computer fraud and abuse act related to the alleged operation of a booter service named SecurityTeam.io;
- Shamar Shattock, 19, of Margate, Florida, who is charged with conspiracy for allegedly running a booter service known as Astrostress.com; and
- Cory Anthony Palmer, 22, of Lauderhill, Florida, who is charged with conspiracy for allegedly running a booter service known as Booter.sx.
The four defendants have been informed of the charges against them and are expected to make their initial court appearances in federal court in Los Angeles early next year.
Assistant United States Attorneys Cameron L. Schroeder, Chief of the Cyber and Intellectual Property Crimes Section, and Aaron Frumkin, also of the Cyber and Intellectual Property Crimes Section, are prosecuting the Los Angeles cases.
Assistant United States Attorney James E. Dochterman of the Asset Forfeiture and Recovery Section is handling the seizure of the domains.
The defendants charged in criminal informations filed in Alaska are:
- John M. Dobbs, 32 of Honolulu, Hawaii, who is charged with aiding and abetting violations of the computer fraud and abuse act related to the alleged operation of a booter service named Ipstressor.com, also known as IPS, between 2009 and November 2022.
- Joshua Laing, 32, of Liverpool, New York, who is charged with aiding and abetting violations of the computer fraud and abuse act related to the alleged operation of a booter service named TrueSecurityServices.io between 2014 and November 2022.
The two defendants have been informed of the charges against them and are expected to make their initial court appearance early next year. Defendants are presumed innocent unless proven guilty.
Assistant United States Attorney Adam Alexander is prosecuting the Alaska cases.
In recent years, booter services have proliferated as they offer a low entry barrier for users seeking to engage in cybercriminal activity.
These DDoS attacks are so named because they result in the “booting” or dropping of the targeted computer from the internet.
For additional information on booter and stresser services and the harm that they cause, please visit: https://www.fbi.gov/contact-us/field-offices/anchorage/fbi-intensify-efforts-to-combat-illegal-ddos-attacks.
The cases announced Wednesday are being investigated by the FBI’s Anchorage and Los Angeles field offices.
Invaluable assistance was provided by the FBI field offices in Albany, Honolulu, Miami, Philadelphia and San Antonio; the United Kingdom’s National Crime Agency; the Netherlands Police; EUROPOL; and the Brandon Police Service in Manitoba, Canada. Akamai, Cloudflare, Digital Ocean, Entertainment Software Association, Google, Oracle, Palo Alto Networks Unit 42, PayPal, Unit 221B, the University of Cambridge, Yahoo and other valued private sector partners provided additional assistance.
These law enforcement actions were taken in conjunction with Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructures worldwide, and holding accountable the administrators and users of these illegal services.
In a previous law enforcement action involving prosecutors and investigators in Los Angeles and Anchorage four years ago, the Justice Department charged three defendants who facilitated DDoS-for hire services and seized 15 internet domains associated with DDoS-for-hire services.
The multi-prong investigation announced Wednesday builds on the success of the prior cases by targeting all known booter sites, shutting down as many as possible, and undertaking a public education campaign.