ANCHORAGE – The Justice Department today announced the court-authorized seizure of 48 internet domains associated with some of the world’s leading DDoS-for-hire services, as well as criminal charges against six defendants who allegedly oversaw computer attack platforms commonly called “booter” services.
The FBI is now in the process of seizing the websites that allowed paying users to launch powerful distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet. Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad, including educational institutions, government agencies, gaming platforms and millions of individuals. In addition to affecting targeted victims, these attacks can significantly degrade internet services and can completely disrupt internet connections.
The websites targeted in this operation were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide. While some of these services claimed to offer “stresser” services that could purportedly be used for network testing, the FBI determined these claims to be a pretense, and “thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers,” according to an affidavit filed in support of court-authorized warrants to seize the booter sites.
The coordinated law enforcement action comes just before the Christmas holiday period, which typically brings a significant increase in DDoS attacks across the gaming world.
In conjunction with the website seizures, the FBI, the United Kingdom’s National Crime Agency (NCA) and the Netherlands Police have launched an advertising campaign using targeted placement ads in search engines, which are triggered by keywords associated with DDoS activities. The purpose of the ads is to deter potential cyber criminals searching for DDoS services in the United States and around the globe, as well as to educate the public on the illegality of DDoS activities.
“Communities in Alaska have become increasingly dependent on access to broadband internet for essential services,” said U.S. Attorney S. Lane Tucker, District of Alaska. “Cyber criminals are not concerned with borders between states or nations but they should be on notice that we will work with law enforcement partners nationally and internationally to pursue and disrupt cybercrime services targeting Alaskans.”
“These DDoS-for-hire websites, with paying customers both inside and outside the United States, facilitated network disruptions on a massive scale, targeting millions of victim computers around the world,” said Special Agent in Charge Antony Jung of the FBI Anchorage Field Office. “Potential users and administrators should think twice before buying or selling these illegal services. The FBI and our international law enforcement partners continue to intensify efforts in combatting DDoS attacks, which will have serious consequences for offenders.”
The law enforcement actions this week include the filing of charges against six defendants across the United States who allegedly offered booter services. Each defendant allegedly operated at least one website that offered one-stop services and subscriptions of various lengths and attack volumes. In each of these criminal cases, the FBI posed as a customer and conducted test attacks to confirm that the booter site functioned as advertised.
District of Alaska
The defendants charged in criminal informations filed in Alaska are:
- John M. Dobbs, 32, of Honolulu, Hawaii, is charged with aiding and abetting violations of the computer fraud and abuse act related to the alleged operation of a booter service named IPStressor.com, also known as IPS, between 2009 and November 2022.
- Joshua Laing, 32, of Liverpool, New York, is charged with aiding and abetting violations of the computer fraud and abuse act related to the alleged operation of a booter service named TrueSecurityServices.io between 2014 and November 2022.
The two defendants have been informed of the charges against them and are expected to make their initial court appearance early next year.
Assistant U.S. Attorney Adam Alexander is prosecuting the Alaska cases.
Central District of California
Prosecutors in Los Angeles this week filed four criminal informations charging four defendants with running booter services.
The defendants charged in Los Angeles are:
- Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, who is charged with conspiracy to violate and violating computer fraud and abuse act related to the alleged operation of a booter service named RoyalStresser.com (formerly known as Supremesecurityteam.com).
- Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, who is charged with conspiracy to violate and violating the computer fraud and abuse act related to the alleged operation of a booter service named SecurityTeam.io.
- Shamar Shattock, 19, of Margate, Florida, who is charged with conspiracy for allegedly running a booter service known as Astrostress.com.
- Cory Anthony Palmer, 22, of Lauderhill, Florida, who is charged with conspiracy for allegedly running a booter service known as Booter.sx.
The four defendants have been informed of the charges against them and are expected to make their initial court appearances in United States District Court in Los Angeles early next year.
Assistant United States Attorneys Cameron L. Schroeder, Chief of the Cyber and Intellectual Property Crimes Section, and Aaron Frumkin, also of the Cyber and Intellectual Property Crimes Section, are prosecuting the Los Angeles cases. Assistant United States Attorney James Dochterman of the Asset Forfeiture and Recovery Section is handling the seizure of the domains.
In recent years, booter services have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity. These types of DDoS attacks are so named because they result in the “booting” or dropping of the targeted computer from the internet. For additional information on booter and stresser services and the harm that they cause, please visit: https://www.fbi.gov/contact-us/field-offices/anchorage/fbi-intensify-efforts-to-combat-illegal-ddos-attacks.
The cases announced today are being investigated by the FBI’s Anchorage and Los Angeles field offices.
Invaluable assistance was provided by the FBI field offices in Albany, Honolulu, Miami, Philadelphia and San Antonio; the United Kingdom’s National Crime Agency; the Netherlands Police; EUROPOL; and the Brandon Police Service in Manitoba, Canada. Akamai, Cloudflare, Digital Ocean, Entertainment Software Association, Google, Oracle, Palo Alto Networks Unit 42, PayPal, Unit 221B, University of Cambridge, Yahoo and other valued private sector partners provided additional assistance.
These law enforcement actions were taken as part of Operation Power OFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructures worldwide, and holding accountable the administrators and users of these illegal services.
In a previous law enforcement action involving prosecutors and investigators in Anchorage and Los Angeles four years ago, the Justice Department charged three defendants who facilitated DDoS-for hire services and seized 15 internet domains associated with DDoS-for-hire services. The multi-prong investigation announced today builds on the success of the prior cases by targeting all known booter sites, shutting down as many as possible, and undertaking a public education campaign.
Criminal informations contain allegations, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Source: U.S. Attorney’s Office, District of Alaska