Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Charges Six in Operation Targeting 48 DDoS-for-Hire Websites

DDoS for hire websites seized by FBI

DDoS for hire websites seized by FBI

The US Justice Department announced on Wednesday that a law enforcement operation has resulted in the seizure of 48 internet domains associated with popular DDoS-for-hire services, as well as charges against six alleged operators of these services.

The websites, known as ‘booter’ or ‘stresser’ services, make it easy for their customers to launch DDoS (distributed denial-of-service) attacks against a target. The customer does not require any knowledge of hacking techniques in order to launch an attack and cause potentially significant disruption.

According to authorities, the seized websites were used to launch millions of actual or attempted DDoS attacks.

Some of the sites attempted to avoid legal liability by claiming that the services they offered were designed for testing the security of the customer’s own network. However, investigators obtained communications between the administrators of the DDoS-for-hire services and their customers, and the messages “make clear that both parties are aware that the customer is not attempting to attack their own computers,” the FBI said.

Authorities pointed out that the DDoS attack services were shut down just before Christmas, when a significant increase in attacks is expected against online gaming services.

Some of the targeted DDoS-for-hire websites display a message informing visitors that they have been seized by the FBI, while others are no longer accessible or display a “closed” message. However, a few of the websites appear to still be accessible at the time of writing.

The seizure message includes the logo of Europol, as well as law enforcement agencies in the UK, the Netherlands, Germany, and Poland.

The DoJ said some of these agencies have launched ad campaigns in search engines to inform and educate the public, and deter potential cybercriminals looking for DDoS services.

Advertisement. Scroll to continue reading.

US authorities have also announced charges against six individuals living in the country. Two of them, John Dobbs, 32, of Hawaii, and Joshua Laing, 32, of New York, have been charged in Alaska for their alleged role in the operation of the booter services named IPStressor.com and TrueSecurityServices.io, respectively. Dobbs is said to have run the IPStressor service for more than a decade and Laing was allegedly involved in the cybercrime operation since 2014.

In addition, four people have been charged in Los Angeles, including Jeremiah Sam Evans Miller of Texas for running RoyalStresser.com, Angel Manuel Colon Jr. of Florida for running SecurityTeam.io, Shamar Shattock of Florida for running Astrostress.com, and Cory Anthony Palmer of Florida for running a booter service named Booter.sx.

All of the six suspects have been informed about the charges brought against them and they are expected to make their first appearance in court early next year.

Related: DDoS-for-Hire Service Admin Pleads Guilty

Related: Authorities Track Down Users of DDoS Services

Related: U.S. Authorities Take Down 15 DDoS-for-Hire Websites

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.