Federal authorities take down one of the largest DDoS network operators ever

Cal Jeffrey

In context: We deal with DDoS attacks every day, from minor outages to targeted disruptions that test even our most resilient servers. Now imagine a threat far beyond that scale – something so powerful it could overwhelm nearly any system. This story reminds us how quickly digital infrastructure can be pushed to the brink.

Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful cyberattack networks ever documented, capable of crippling major websites, including Elon Musk's social media platform X. Ethan Foltz of Eugene faces up to ten years in prison on charges of abetting computer intrusions for his alleged role in running the notorious Rapper Bot network (aka Eleven11bot).

The Justice Department said that Foltz operated a vast botnet built from tens of thousands of hacked devices, primarily routers, digital video recorders, and cameras. Rapper Bot specialized in distributed denial-of-service attacks, flooding targeted websites with junk traffic to knock them offline.

Nokia measured attacks from the network in February and March ranging as high as 6.5 trillion bits per second – an astronomical level compared with the few hundred million bits per second of a typical high-speed connection. According to a criminal complaint filed in an Alaskan federal court, that figure placed Rapper Bot among the most destructive DDoS botnets ever seen.

Investigators said Foltz profited by renting the network's services to customers, including gambling operators who used it for extortion. Rapper Bot launched more than 370,000 attacks across 80 countries – including the United States, China, and Japan – against critical infrastructure and major technology firms.

"While large cloud providers can absorb this traffic without issue, these incidents can be quite disruptive for organizations operating their own technology infrastructure," said Tom Scholl, an engineer with Amazon Web Services.

Court documents revealed partially redacted high-profile targets such as a US government network, a popular social-media platform, and many domestic tech companies. Chinese cybersecurity firm Qi An Xin linked Rapper Bot to attacks on both X and the artificial intelligence company DeepSeek. The botnet also struck Defense Department computers at least three times.

Nokia researcher Jérôme Meyer said the takedown removed a massive and unprecedented threat, noting that at its peak, the network mobilized tens of thousands of devices, many with no prior role in DDoS attacks. He emphasized that dismantling Rapper Bot eliminates one of the leading sources of disruptive attacks currently facing organizations worldwide, marking a significant victory for federal cybersecurity efforts.

 
In a related story, 100 new botnet servers were formed during the takedown making the threat just as dangerous or more so now…
 
He'll also have a criminal record for life. Why would an ex-con get plenty of job offers? Is "I spent a few years in prison for running an illegal botnet" a good thing to have on your resume?
 
In a related story, 100 new botnet servers were formed during the takedown making the threat just as dangerous or more so now…
While that's probably true and unavoidable, I'm still happy anytime I hear that enforcement and consequences climbed above 0% to any positive number. It may depend on which judge he gets but I think at this scale, and done repeatedly for profit, real jail time is on the table. Hopefully this story discourages the next US ***** who thinks they'd like to try this as an income source. Of course, it's probably not going to have any such effect on state actors...
 
Meanwhile the support and security patches for the devices mentioned are dropped due to planned obsolescence so that the customer is forced to buy the new product. Not giving this dirtbag a pass, but I place some of the blame on the manufacturers allowing it to happen in the first place.
 
Putin hacked this guy's brain from his mother's basement and caused him to do this. This poor guy is the victim of Russian bots. Source: trust me br0!
 
10 years is a joke, charge him as a terrorist. He targeted the US government server, if he did so because somebody paid him to do so that automatically qualifies him to be tried as a terrorist and for treason. Let's set an example here once he's found guilty. The penalty for treason is sometimes death; let's make it happen. There should be real consequences to this kind of behavior.
 