The Federal Bureau of Investigation is on track to seize 48 internet domains associated with some of the world’s leading DDoS services. Six people have been charged in relation to the hacker-for-hire operations.
The websites advertised and sold distributed-denial-of-service to flood IT infrastructures with requests and disrupt them. The sites, taken down in a multi-national operation that included undercover work, were allegedly used to launch millions of actual or attempted DDoS attacks targeting entities worldwide.
“Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad, including educational institutions, government agencies, gaming platforms and millions of individuals,” according to the US Department of Justice. “In addition to affecting targeted victims, these attacks can significantly degrade internet services and can completely disrupt internet connections.”
Some of the websites claimed to be acting in good faith, offering ‘stresser’ services for network testing - intentional DDoS attacks designed to test the network against similar, malicious actions.
The FBI determined these claims to be a pretense, the DOJ said.
“Thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers,” according to an affidavit filed in support of court-authorized warrants to seize the domains in question.
To help internet users distinguish good from bad, authorities in the US, UK and Netherlands have launched a campaign using targeted placement ads in search engines which are triggered by keywords associated with DDoS search queries.
“The purpose of the ads is to deter potential cyber criminals searching for DDoS services in the United States and around the globe, as well as to educate the public on the illegality of DDoS activities,” the DOJ said.
The feds have charged six suspects based in the US, including four in Los Angeles and two in Alaska, for allegedly enabling or overseeing the hacker-for-hire services.
Each defendant is said to have operated at least one website on the blacklist, offering one-stop DDoS services and subscriptions of various lengths and attack volumes. To catch them red-handed, the FBI posed as a customer and went so far as to conduct test attacks to confirm the services worked as advertised.
All six defendants have been informed of the charges against them and are expected to appear in court early next year.
This timely, coordinated law enforcement action comes just before the holiday period, which typically brings a significant increase in DDoS attacks, the DOJ said.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024