US begins seizure of 48 DDoS-for-hire services following global investigation

The DoJ logo on a smartphone with the US flag in the background
(Image credit: Getty Images)

The US' Department of Justice (DoJ) has begun the seizure of 48 DDoS-for-hire services and brought criminal charges against six individuals involved.

Also involved in the operation is the FBI which was granted approval to take control of the websites as part of a wider international anti-cyber crime operation, the DoJ revealed on Wednesday.

The six arrested defendants allegedly oversaw cyber attacks launched from platforms known as booters. These are services which boot, or drop, a targeted computer from the internet. The services allegedly attacked millions of individuals in the US and around the world, including government agencies, gaming platforms, and educational institutions. The DoJ said that the attacks can also degrade internet services and disrupt connections.

Each defendant allegedly operated at least one site that offered services and subscriptions to booter services, said the DoJ. In each case, the FBI masqueraded as a genuine client and carried out test attacks to confirm the sites functioned as advertised.

Criminal charges have been filed against two defendants in Alaska: John M. Dobbs who allegedly operated IPStressor.com, and Joshua Laing who allegedly operated TrueSecurityServices.io.

In Los Angeles, four defendants have had criminal charges filed against them. Jeremiah Sam Evans Miller was accused of running RoyalStresser.com, Angel Manuel Colon Jr. allegedly ran SecurityTeam.io, Shamar Shattock allegedly operated Astrostress.com, and Cory Anthony Palmer, who was accused of running Booter.sx.

Millions of DDoS attacks were launched from the websites involved, targeting victims across the world, said the DoJ. Some of the services offered “stresser” services which the websites claimed were used for network testing. However, the FBI found that this was a pretence as the site admins and customers are aware that the customer is not attempting to attack their own computers.

“These DDoS-for-hire websites, with paying customers both inside and outside the United States, facilitated network disruptions on a massive scale, targeting millions of victim computers around the world,” said Antony Jung, the FBI special agent in charge of the case.

“Potential users and administrators should think twice before buying or selling these illegal services. The FBI and our international law enforcement partners continue to intensify efforts in combating DDoS attacks, which will have serious consequences for offenders.”

The arrests were made through work carried out in Operation Power OFF, an internationally coordinated effort between law enforcement agencies aiming to take apart DDoS-for-hire schemes across the world.

Other agencies provided the DoJ with assistance in the operation including the UK's National Crime Agency (NCA), Netherlands Police, Europol, and the Brandon Police Service in Canada. It also received support from companies in the private sector including Akamai, Cloudflare, Oracle, Google, Palo Alto Networks, Paypal, as well as the University of Cambridge.

According to the department, the coordinated law enforcement action took place before the holiday period, which usually sees an increase in DDoS attacks across the gaming world.

“Whilst I don’t think that this is insignificant, I do not believe that it will have that much effect on the use of companies like this to perform DDoS attacks,” said Leon Teale, senior penetration tester at IT Governance to IT Pro. “Overall, these site organisers who offer this service know full well the intent of its use and do so regardless of it being illegal and unethical.”

Teale said that the fact the FBI has managed to shut down the companies is simply a statistics game, as users that pay for the services will move to another.

“I suspect there will be a drop in DDoS attacks because of these sites shutting down, but I can’t imagine it will put much of a dent in the overall number of attacks that go on each day across the world,” he added.

At the same time, the FBI, the NCA, and the Netherlands Police have released an advertising campaign to deter potential cyber criminals from using DDoS services. The campaign is in the form of a targeted placement ad which appears in search engines and is triggered by DDoS keywords.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.