Pierluigi Paganini March 03, 2019

Sergiy P. Usatyuk (20), from Orland Park, Illinois pleaded guilty for owning, administrating, and supporting an illegal DDo-for-hire service.

According to the U.S. Department of Justice, the booting service operated by Sergiy P. Usatyuk (20) was used to carry out millions of distributed denial of service attacks.

Usatyuk developed and operated other DDoS-for-hire services with a co-conspirator between August 2015 and November 2017.

“An Orland Park, Illinois man pleaded guilty today to one count of conspiracy to cause damage to internet-connected computers for his role in owning, administering, and supporting illegal booter services that launched millions of illegal DDoS attacks against victim computer systems in the United States and elsewhere.” reads a press release published by the DoJ.

The list of illegal DDoS-for-hire services operated by the man includes ExoStress.in (“ExoStresser”), QuezStresser.com, Betabooter.com (“Betabooter”), Databooter.com, Instabooter.com, Polystress.com, and Zstress.net. ExoStresser.

The services were involved in million of attacks, for example as of Sept. 12, 2017, an advertising on the ExoStresser website (exostress.in) said that the booter service alone had launched 1,367,610 DDoS attacks, and caused targeted victim computer systems to suffer 109,186.4 hours of network downtime.

According to the authorities, Betabooter was used by one of the subscribers to the service in November 2016 to hit the school district in the Pittsburgh, Pennsylvania area, with a series of DDoS attacks. The attacks disrupted the computer systems of 17 organizations that shared the same infrastructure, including other school districts, the county government, the county’s career and technology centers, and a Catholic Diocese in the area.

DDoS-for-hire service was a profitable business for Usatyuk and its co-conspirator that reportedly made over $550,000 from charging subscriber fees to paying customers of their booter services, as well as from selling advertising space to other booter operators.

“For over two years, Sergiy Usatyuk conspired to launch millions of DDoS attacks that paralyzed the computer systems of U.S. organizations for more than 100,000 hours,” said Assistant Attorney General Benczkowski.  “The Criminal Division and our law enforcement partners will remain vigilant in protecting the American public by prosecuting the cybercriminals responsible for these sophisticated and harmful schemes.”

According to the DoJ, over the past five years, the abuse of booter and stresser services to launch DDoS attacks was increased allowing a growing number of threat actors to enter in the cybercrime ecosystem.

In January, Europol and law enforcement agencies worldwide, announced they are investigating DDoS-for-hire services and hunting users that paid them to carry out cyber attacks.

Pierluigi Paganini

(SecurityAffairs – DDoS-for-hire, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]