Pierluigi Paganini May 09, 2023

The U.S. DoJ announced the seizure of 13 new domains associated with DDoS-for-hire platforms as part of Operation PowerOFF.

The U.S. Justice Department announced the seizure of 13 domains linked to DDoS-for-hire services as part of a coordinated international law enforcement effort known as Operation PowerOFF.

DDoS-for-hire or ‘booter’ services allows registered users to launch order DDoS attacks without specific knowledge.

According to DoJ, data relating to the operation of DDoS-for-hire services seized in the past by law enforcement show that hundreds of thousands of registered users have used these platforms to launch millions of attacks against millions of victims (i.e. School districts, universities, financial institutions and government websites).

The authorities pointed out that ten of the 13 domains seized as part of Operation PowerOFF are reincarnations of booters that were seized in December. In December 2022, the FBI seized 48 domains linked to DDoS-for-Hire service platforms as part of the same Operation PowerOFF.

The press release published by DoJ states that investigations into booter services are still ongoing.

“Victims who are attacked by such services, or those providing Internet services to the victims, often have to ‘overprovision,’ that is, pay for increased Internet bandwidth in order to absorb the attacks, or subscribe to DDoS protection services, or purchase specialized hardware designed to mitigate the effects of DDoS attacks,” according to the affidavit in support of the seizure warrants filed this week.” states the press release published by Department of Justice. “The prices of such overprovision or DDoS protection services are usually significantly more expensive than the cost of a given booter service.”

The Justice Department also announced that four defendants charged in Los Angeles late 2022 pleaded guilty earlier this year to federal charges and admitted their role in the operation of the DDoS-for-hire services. The four defendants are scheduled to be sentenced this summer.

The defendants are:

• Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, who pleaded guilty on April 6 to conspiracy and violating the computer fraud and abuse act related to the operation of a booter service named RoyalStresser.com (formerly known as Supremesecurityteam.com);
• Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, who pleaded guilty on February 13 to conspiracy and violating the computer fraud and abuse act related to the operation of a booter service named SecurityTeam.io;
• Shamar Shattock, 19, of Margate, Florida, who pleaded guilty on March 22 to conspiracy to violate the computer fraud and abuse act related to the operation of a booter service known as Astrostress.com; and
• Cory Anthony Palmer, 23, of Lauderhill, Florida, who pleaded guilty on February 16 to conspiracy to violate the computer fraud and abuse act related to the operation of a booter service known as Booter.sx.

In December 2018, the FBI seized other 15 domains associated with DDoS-for-hire services, the U.S. District Court for the Central District of California ordered the seizure of the platforms (including critical-boot(.)com, ragebooter(.)com, downthem(.)org and quantumstress(.)net) on Dec. 19, 2018.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDoS)