A long-running law enforcement operation continued this week after US authorities announced the seizure of 13 internet domains linked to DDoS-for-hire services.
The Department of Justice (DoJ) yesterday described the action as a “third wave” of disruption, aimed at so-called “booter” services that are designed to make the launching of DDoS attacks relatively easy for any budding cyber-criminal.
However, 10 of the 13 domains taken down by law enforcement were linked to previous ones already seized in a December 2022 sweep that took down 48 booter services. For example, “cyberstress.org” appeared to be the same service that operated under the domain “cyberstress.us,” which was seized in December, according to the US Attorney’s Office for the Central District of California.
The reappearance of seized services under new domains highlights the challenges police have in tackling online criminality.
However, they are making headway in bringing some of the perpetrators to justice. The DoJ announced on Monday that four defendants charged as part of the last booter “sweep” pleaded guilty earlier this year to operating or participating in the operation of booter services.
The four men, who range in age from 19 to 37 and live in Florida or Texas, were linked to the following booter services: RoyalStresser.com; SecurityTeam.io; Astrostress.com; and Booter.sx.
“Victims who are attacked by such services, or those providing internet services to the victims, often have to ‘overprovision,’ that is, pay for increased internet bandwidth in order to absorb the attacks, or subscribe to DDoS protection services, or purchase specialized hardware designed to mitigate the effects of DDoS attacks,” noted an affidavit in support of the seizure warrants filed this week.
“The prices of such overprovision or DDoS protection services are usually significantly more expensive than the cost of a given booter service.”
Prior to seizing the domains, the FBI would open an account with the relevant service provider, pay a subscription and then launch test DDoS attacks on web properties owned by the government to see whether the capabilities offered were legitimate.
In the ongoing campaign against such sites, the UK’s National Crime Agency (NCA) recently revealed that it is running fake booter sites designed to harvest information on would-be customers.