The FBI is in the process of seizing 48 domains associated with DDoS-for-hire operations and has brought about a lawsuit against six defendants running these so-called ‘booter’ services.
These ‘booter’ services allow anyone to pay to conduct DDoS attacks on targets, essentially booting the target off the internet. Also called ‘stressors’ they offer basically the same functionality as online stress testing tools used to test a web server’s reliability under heavy traffic.
FBI special agent Elliott Peterson claims that some of these websites use the term ‘stressor’ to imply that the service is meant to be used as a stress testing tool for one’s own infrastructure. However, they’re instead used to DDoS computers or servers not controlled by the attacker and without authorisation from the victim.
According to the US Department of Justice, the booter services included in this shutdown reportedly attacked a “wide array of victims in the United States and abroad, including educational institutions, government agencies, gaming platforms and millions of individuals”.
The services required a cryptocurrency account to be set up, which is then used to pay for any attacks the threat actor wants. Additionally, while they do require a subscriber to agree to not use the service to attack others, this restriction isn’t properly implemented.
The FBI has also come out and taken a strict stance against DDoS attacks. stating that any such attacks will be investigated as cybercrime and using booter or stressor services is punishable under the Computer Fraud and Abuse Act. Doing so can result in either of the following:
- Seizure of computers and other electronic devices
- Arrest and criminal prosecution
- Significant prison sentence
- Penalty or fine
So far the DOJ has named a total of six defendants in the case, four from LA and two from Alaska. The charges include conspiracy to violate and violating the computer fraud and abuse act, conspiracy for allegedly running a booter service and aiding and abetting violations of the computer fraud and abuse act.
All six defendants have been informed of the charges against them and will be presented in their respective courts early next year.