FBI seizes 13 more internet domains linked to DDoS-for-hire services in an ongoing law enforcement operation, working together with international law enforcement agencies. These services are often known as ‘booter’ or ‘stresser’ services.
According to the Department of Justice, the arrests mark the third wave of federal law enforcement legal action against famous booter services. These activities are part of Operation PowerOFF, a global law enforcement campaign aimed at bringing down global criminal DDoS-for-hire networks.
The Department of Justice stated:
As part of an ongoing initiative targeting computer attack ‘booter’ services, the Justice Department today announced the court-authorized seizure of 13 internet domains associated with these DDoS-for-hire services.
Booter services allow paying customers to use DDoS attacks, overloading the servers of the targets and obstructing, interrupting, or degrading their internet connection as a result. Additionally, these attacks can break connections for organisations connected by a common internet service provider. These services have seen a rapid rise in popularity in recent years because of the low entry barriers they present to hackers.
The FBI investigated stresser services in December 2018, shutting down 15 DDoS-related websites. Then, in December 2022, the agency seized a further 48 domains, even though some of the targeted services had renewed their domain registrations in order to work.
During the investigation, the FBI bought booter service membership plans and used the website to launch DDoS attacks on computers under the agency’s control to test the service. They were able to see directly how the attacks affected the systems.
The booter websites worked as advertised, according to investigators. The test attack was so effective in certain cases that it completely cut off the internet connection, even though the machine was connected to a network with a lot of resources.
According to FBI Special Agent Elliott Peterson:
The FBI tested each of services associated with the SUBJECT DOMAINS, meaning that agents or other personnel visited each of the websites and either used previous login information or registered a new account on the service to conduct attacks. I believe that each of the SUBJECT DOMAINS is being used to facilitate the commission of attacks against unwitting victims to prevent the victims from accessing the Internet, to disconnect the victim from or degrade communication with established Internet connections, or to cause other similar damage.
Earlier this year, four defendants who had been charged in late 2022 confessed being involved in or running some of the booter services that law enforcement had investigated.
Law enforcement operations have effectively obtained data related to the activity of these booter sites. The data revealed hundreds of thousands of registered users who had previously used these sites to commit millions of attacks against millions of victims. Websites belonging to school districts, colleges, financial organisations, and government bodies were among the sites affected.
This is the second large US law enforcement effort in the last month to successfully halt major cybercriminal activities. Genesis Marketplace, the largest cybercriminal marketplace for stolen credentials, was taken down in April by 45 FBI field offices and foreign affiliates.
The NCA disclosed the growth of the dark web’s black market earlier this year when it set up a number of websites offering DDoS-for-hire services. Although the seizure would not totally stop cybercriminals from trying to resume their thwarted efforts, security leaders claim that government steps are unquestionably making it difficult for hackers to work wisely.
Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.