The FBI has seized 15 domains associated with DDoS-for-hire services (aka booters or stressers) that were used by their customers to launch powerful DDoS attacks.
The U.S. District Court for the Central District of California ordered the seizure of the platforms (including critical-boot(.)com, ragebooter(.)com, downthem(.)org and quantumstress(.)net) on Dec. 19.
The authorities charged three individuals who operated the DDoS-for-hire services. Most of the victims hit by the malicious traffic generated by the platforms were in the United States and abroad.
The platforms were used to carry out attacks against universities, government systems, financial institutions, Internet service providers, and gaming platforms.
The platforms were very cheap and provided everything necessary to launch a DDoS attack. They also offered various payment options, including virtual currencies such as Bitcoin.
“On Dec. 19, pursuant to seizure warrants issued by the U.S. District Court for the Central District of California, the FBI seized the domains of 15 booter services, which represent some of the world’s leading DDoS-for-hire services. Among these sites were critical-boot.com, ragebooter.com, downthem.org and quantumstress.net,” reads the press release published by the DoJ.
“According to the affidavit in support of the warrant authorizing the seizure of the 15 websites, these services offered easy access to attack infrastructure, payment options that included Bitcoin, and were relatively low cost. Each of the services was tested by the FBI, which verified those DDoS attack services offered through each of the seized websites. While testing the various services, the FBI determined that these types of services can and have caused disruptions of networks at all levels.”
In conjunction with the seizure warrants, the U.S. Attorney’s Office charged Matthew Gatrel (30) and Juan Martinez (25) with conspiring to violate the Computer Fraud and Abuse Act. The duo operated the DDoS-for-hire services known as Downthem and Ampnode.
While Downthem offered DDoS services to its users, Ampnode provided the resources needed to set up a standalone DDoS service.
It has been determined that between Oct. 2014 and Nov. 2018, Downthem had over 2,000 customer subscriptions and launched over 200,000 DDoS attacks.
On Dec. 12, the U.S. Attorney’s Office for the District of Alaska charged David Bukoski (23) with aiding and abetting computer intrusions. Bukoski operated Quantum Stresser, one of the longest-running DDoS services in operation. It has been estimated that as of Nov. 29, Quantum had over 80,000 customer subscriptions and in 2018 alone, the platform was used to launch over 50,000 attacks targeting victims worldwide.
The DoJ praised collaboration among Districts and coordination with public sector partners.
“DDoS for hire services such as these pose a significant national threat,” said U.S. Attorney Schroder. “Coordinated investigations and prosecutions such as these demonstrate the importance of cross-District collaboration and coordination with public sector partners,” concludes the press release.
“The attack-for-hire websites targeted in this investigation offered customers the ability to disrupt computer networks on a massive scale, undermining the internet infrastructure on which we all rely,” said U.S. Attorney Hanna.
Even if the FBI crackdown has a significant impact on this cybercriminal ecosystem, many other websites continue to offer DDoS-for-hire services.