Six suspects have been charged by the US Department of Justice for their involvement in a Distributed Denial of Service-as-a-Service crime ring. “Booter” or “Stresser” platforms allow anyone to conduct DDoS attacks under the guise of providing DDoS attack stress-testing. The bust is part of an international crime investigation led by the Dutch government deemed Operation PowerOff.
Forty-eight domains were seized along with the six suspects Angel Manuel Colon Jr (37), John M. Dobbs (32), Joshua Laing (32), Jeremiah Sam Evans Miller (23), Cory Anthony Palmer (22) and Shamar Shattock (19), alleged to be the ring leaders of the operation.
The National Crime Agency (NCA) in the UK also arrested an 18-year-old in Devon who is suspected of being an administrator on one of the sites.
FBI bust seizes 48 domains
The defendants have been charged with running “Booter” or “Stresser” services from the now seized websites; RoyalStresser.com, SecurityTeam.io, Astrstress.com, IPStresser.com, Booter.sx and TrueSecurityServices.io.
The nefarious sites offered a range of packages and membership options, explains a release by the NCA, with prices ranging from $10 to $2,500 per month.
The now-seized websites would apparently allow a user to implement a powerful DDoS attack that would knock the target smartly offline. The provision of DDoSaaS meant that the barrier to entry for implementing DDoS attacks was dangerously lowered.
DDoS attacks are illegal in the UK under the Computer Misuse Act 1990.
These booter services would allegedly attack a wide array of victims in the United States and abroad, including organisations in Education, Government and some gaming platforms, as well as millions of individuals, explains a statement released by the DoJ.
While some of these services claimed to offer “stresser” services that could purportedly be used for network testing, the FBI determined these claims to be a pretence. According to an affidavit released by the agency: “Thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers.”
The sites seized in this bust were the biggest DDoSaaS on the market. The domain IPStresser.com had over one million registered users who conducted more than 30 million DDoS attacks between 2014 and 2022. The sites together targeted millions of individuals.
Around a quarter of referrals received by the NCA’s Cyber Prevent Team involve individuals using booter services.
Frank Tutty from the NCA’s National Cybercrime Unit said, “This operation has taken out a significant proportion of the DDoS-for-hire marketplace, removing booter services which are a key enabler of this criminality.
“The perceived anonymity and ease of use afforded by booter services now means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.
“Users of these sites based in the UK have been identified and can expect a visit from the NCA or police in the coming months,” he said.
Operation PowerOff
The DDoSaaS bust is part of an international investigation called Operation PowerOff led by the Dutch Police, the UK’s National Crime Agency and Europol.
The last big bust in the investigation was in April 2018 when investigators in the UK, US and the Netherlands seized the DDoSaaS service WebStresser.org, arresting administrators and halting the nefarious activities of 151,000 registered users responsible for launching up to four million DDoSS attacks over the space of four years, states a release by Europol.
The Netherlands Police, the NCA and the FBI Anchorage Field Office have been running advertising campaigns targeting people looking for cybercrime services on search engines.
Those found to be searching for the service in the UK are met with messaging telling them DDoS is illegal, directing them to a Cyber Choices webpage.
“Stresser websites make powerful weapons in the hands of cybercriminals,” said Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT). “International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users. This joint operation is yet another successful example of the ongoing international effort against these destructive cyberattacks.”