FBI charges three in connection with DDoS-for-hire website seizures
Merry Christmas from the FBIBy Cal Jeffrey
What just happened? At least three men and over a dozen websites got an early Christmas present from the FBI. In cooperation with California and Alaska authorities the US Federal Bureau of Investigation seized several website offering DDoS services and arrested three individuals running some of the sites.
On Thursday, federal authorities seized 15 different "booter" websites and charged three individuals with crimes. Booter sites, also known as "stresser" services allow individuals without any hacking experience to execute distributed-denial-of-service (DDoS) attacks for a fee.
As of this morning, the FBI has taken down the following "attack-for-hire" domains:
- Anon Security Team
- Critical BOOT
- DEFCON PRO
- Defiance Protocol
- Quantum Stress
- Str3ssed Networks
- TOR Security Team
"While this week's crackdown will have a significant impact on this burgeoning criminal industry, there are other sites offering these services - and we will continue our efforts to rid the internet of these websites," said United States Attorney Nick Hanna in a press release. "We are committed to seeing the internet remain a forum for the free and unfettered exchange of information."
These sites have mostly flown under the FBI's radar because they advertise themselves as services to be used for stress testing domains that are owned by the subscriber. However, they have long been used to interrupt other websites, usually out of anger or spite. Many of the seized domains have been identified as being behind recent DDoS attacks of serval gaming websites.
"The action against the DDoS services comes the week before the Christmas holiday, a period historically plagued by prolific DDoS attacks in the gaming world," said an FBI press release.
In addition to the seizure warrants executed against the websites, two men have been charged with conspiracy to violate the Computer Fraud and Abuse Act. Matthew Gatrel and Juan Martinez have both been indicted with crimes relating to their operation of websites Downthem and Ampnode respectively.
A third individual, David Bukowski has been charged with aiding and abetting computer intrusions. Bukowski allegedly operated Quantum Stresser, which was one of the longest running of the DDoS services on the web. The FBI estimates that the site was behind over 50,000 successful and attempted attacks in 2018 and had over 80,000 subscribers since 2012.
While no users of these services have been arrested, authorities caution that they can and will seek prosecution of anyone paying for cyber attacks.
"Whether you launch the DDoS attack or hire a DDoS service to do it for you, the FBI considers it criminal activity," said FBI Assistant Director Matthew Gorham. "Working with our industry and law enforcement partners, the FBI will identify and potentially prosecute you for this activity. We will use every tool at our disposal to combat all forms of cybercrime including DDoS activity."