An Illinois man pleaded guilty earlier this week for owning, administrating, and supporting an illegal booting service that launched millions of distributed denial of service attacks, the U.S. Department of Justice announced.
The man, Sergiy P. Usatyuk, 20, of Orland Park, Illinois, worked with a co-conspirator to develop and operate multiple booter services and booter-related services between August 2015 and November 2017.
The illegal services included ExoStress.in (“ExoStresser”), QuezStresser.com, Betabooter.com (“Betabooter”), Databooter.com, Instabooter.com, Polystress.com, and Zstress.net. ExoStresser was being advertised in September 2017 as having launched 1,367,610 DDoS attacks and causing 109,186.4 hours of network downtime.
Booters or stressers are web-based services that allow cybercriminals to launch DDoS attacks that flood targeted systems with unrequested traffic, causing them to drop from the Internet. DDoS attacks also impact computer systems that are not targeted directly.
According to criminal information, Betabooter was used in November 2016 to launch attacks against a school district in the Pittsburgh, Pennsylvania area, which also disrupted the computer systems of 17 organizations that shared the computer infrastructure, including other school districts, the county government, the county’s career and technology centers, and a Catholic Diocese in the area.
Usatyuk and a co-conspirator reportedly made over $550,000 from charging subscriber fees to paying customers of their booter services, as well as from selling advertising space to other booter operators.
The number of DDoS attacks is said to have decreased last year, although these assaults are more powerful than before, courtesy of newly discovered amplification techniques. Authorities have increased their take-down efforts against booters, and are also targeting the users of such services.