What just happened? The United States Justice Department has seized 13 additional internet domains linked to DDoS-for-hire services as part of a long-running law enforcement operation in collaboration with international law enforcement agencies. Known as Operation PowerOFF, the action is meant to disrupt the businesses of several online platforms that allow cybercriminals to pay in cryptocurrencies to launch DDoS attacks against any target.

In a press release announcing the operation's success, the U.S. Attorney's Office for the Central District of California confirmed that it had seized 13 internet domains associated with DDoS-for-hire services as part of an ongoing initiative targeting online 'booter' services that make DDoS attacks relatively easy to launch for any inexperienced cybercriminal.

Describing the seizures as part of the 'third wave' of U.S. law enforcement actions against prominent DDoS service providers, the DoJ said that its actions are aimed at "dismantling criminal DDoS-for-hire infrastructures worldwide, and holding accountable the administrators and users of these illegal services."

While the seizure of 13 domains is a big victory for law enforcement, 10 of these were the newer avatars of services that were closed down in an earlier operation in December 2022. During that sweep, the feds shut down 48 internet domains and charged six suspects for their alleged involvement in running booter or stresser services.

As an example of how some of these services remained operational by changing their domain, the DoJ said that one of the domains seized this week – cyberstress.org – appeared to be the same service that was previously operated under the domain cyberstress.us, which was seized in December.

The U.S. was the most favored domain registrar location for these services, but some of the sites were also registered in France, Hong Kong, Italy and Canada. Most of the web hosting, however, happened abroad, including in Canada, Russia, Portugal, France, Ukraine, and the Netherlands. Only one of the seized domains was hosted in the United States.

Explaining its modus operandi, the DoJ said that the FBI opened accounts with the booter service providers and paid the subscription fees to launch a series of DDoS attacks on web properties owned by the agency. This was done to check the service providers' capabilities of launching genuine DDoS attacks against specific targets. Once the claims were validated, the agency moved to seize the domains and shut down their illicit operations.

While the revival of old DDoS-for-hire services highlights the difficulty that law enforcement agencies have in tackling online crime, there is some good news on the prosecution front. Four of the suspects charged by the DoJ as part of the last crackdown have pleaded guilty to participating in the operation of booter services. The suspects range in age between 19 and 37, and are from Florida and Texas.