cyberstress.org seizure banner (DOJ)
The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as ‘booter’ or ‘stressor’ services.
This week’s seizures are part of a coordinated international law enforcement effort (known as Operation PowerOFF) to disrupt online platforms allowing anyone to launch massive distributed denial-of-service (DDoS) attacks against any target for the right amount of money.
“As part of an ongoing initiative targeting computer attack ‘booter’ services, the Justice Department today announced the court-authorized seizure of 13 internet domains associated with these DDoS-for-hire services,” the Department of Justice said.
“The seizures this week are the third wave of U.S. law enforcement actions against prominent booter services that allowed paying users to launch powerful distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet.”
The FBI also targeted stresser services in December 2018, when it took down 15 websites offering DDoS services, and in December 2022, when it seized another 48 domains. Some of those services then registered new domains, which allowed them to stay online.
“Ten of the 13 domains seized today are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services,” the DOJ said.
“For example, one of the domains seized this week – cyberstress.org – appears to be the same service operated under the domain cyberstress.us, which was seized in December.”
The complete list of domains taken down this week by the FBI and previously seized domains linked to the same operations is embedded below.
List of seized domains (DOJ)
According to the affidavit, the FBI tested the booter services whose domains were seized by opening or renewing accounts with each of them, then launching DDoS attacks against computers controlled by the agency and assessing the effects on those targets.
These tests helped confirm the booters’ functionality, with the FBI saying that some attacks took the targeted devices offline even though they were using high-capacity Internet connections.
“The FBI tested each of services associated with the SUBJECT DOMAINS, meaning that agents or other personnel visited each of the websites and either used previous login information or registered a new account on the service to conduct attacks,” FBI Special Agent Elliott Peterson said.
“I believe that each of the SUBJECT DOMAINS is being used to facilitate the commission of attacks against unwitting victims to prevent the victims from accessing the Internet, to disconnect the victim from or degrade communication with established Internet connections, or to cause other similar damage.”
DDoS test conducted by the FBI using the cyberstress.org booter (FBI)
Four defendants charged in late 2022 also pleaded guilty earlier this year to federal charges, admitting that they were either involved in or operated some of the booter services targeted by law enforcement.
The list of defendants and the charges they pleaded guilty to includes:
- Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, admitted on April 6 to conspiracy and violating the Computer Fraud and Abuse Act related to the operation of a booter service named RoyalStresser.com (formerly known as Supremesecurityteam.com);
- Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, pleaded guilty on February 13 to conspiracy and violating the Computer Fraud and Abuse Act related to the operation of a booter service named SecurityTeam.io;
- Shamar Shattock, 19, of Margate, Florida, pleaded guilty on March 22 to conspiracy to violate the Computer Fraud and Abuse Act related to the operation of a booter service known as Astrostress.com; and
- Cory Anthony Palmer, 23, of Lauderhill, Florida, pleaded guilty on February 16 to conspiracy to violate the Computer Fraud and Abuse Act related to the operation of a booter service known as Booter.sx.
Law enforcement’s recent seizures show its commitment to targeting booter service platforms, even though some previously taken-down domains have resurfaced.