CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



U.S. Authorities Take Down 15 DDoS-for-Hire Websites

The Federal Bureau of Investigation (FBI) this week seized 15 domains associated with DDoS-for-hire services, the Department of Justice announced. 

The Federal Bureau of Investigation (FBI) this week seized 15 domains associated with DDoS-for-hire services, the Department of Justice announced. 

In addition to taking down the websites, which allowed users to launch powerful distributed denial-of-service (DDoS) attacks, the authorities charged three individuals who facilitated the computer attack platforms. 

Through the seized websites, users could pay to cripple targeted networks by flooding them with traffic. Called “booters” or “stressers,” such services allegedly cause attacks on various victims in the United States and abroad, including financial institutions, universities, Internet service providers, government systems, and various gaming platforms.

The websites (including critical-boot(.)com, ragebooter(.)com, downthem(.)org and quantumstress(.)net) were seized on Dec. 19, pursuant to warrants issued by the U.S. District Court for the Central District of California. The services provided easy access to attack infrastructure and various payment options, including Bitcoin, and were relatively low cost, an affidavit in support of the warrant reveals.

“Each of the services was tested by the FBI, which verified those DDoS attack services offered through each of the seized websites. While testing the various services, the FBI determined that these types of services can and have caused disruptions of networks at all levels,” the DoJ announcement reads. 

Also on Dec.19, Matthew Gatrel, 30, of St. Charles, Illinois, and Juan Martinez, 25, of Pasadena, California, were charged for operating the Downthem and Ampnode services. A criminal complaint filed in Los Angeles claims Downthem offered DDoS services directly to users, while Ampnode provided resources needed to create standalone DDoS services. 

Between Oct. 2014 and Nov. 2018, Downthem had over 2,000 customer subscriptions and was used to launch or attempt to launch over 200,000 DDoS attacks.

On Dec. 12, David Bukoski, 23, of Hanover Township, Pennsylvania, was charged for operating Quantum Stresser, one of the longest-running DDoS-for-hire services. Launched in 2012, the service had over 80,000 customer subscriptions as of Nov. 29 and was used to launch over 50,000 actual or attempted DDoS attacks.

Advertisement. Scroll to continue reading.

“The attack-for-hire websites targeted in this investigation offered customers the ability to disrupt computer networks on a massive scale, undermining the internet infrastructure on which we all rely.  While this week’s crackdown will have a significant impact on this burgeoning criminal industry, there are other sites offering these services – and we will continue our efforts to rid the internet of these websites,” U.S. Attorney Nicola T. Hanna of the Central District of California said. 

Related: California Man Gets 26-Month Prison Sentence for DDoS Attacks

Related: DDoS Attacks Less Frequent But Pack More Punch: Report

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...