Charges filed in DDoS-for-hire attacks, including Baltimore schools incident

A Los Angeles man who allegedly ran a “booter” service that facilitated distributed denial-of-service (DDoS) attacks for hire was charged this week in federal court.

Scott Esparza, who goes by “Hazard,” “co-administrated” the website Astrostress.com, according to court documents filed on Wednesday. The Astrostress domain was seized by the FBI in December 2022 along with dozens of other booter services.

According to prosecutors, Esparza’s service “would allow his subscribers, for a fee, to cause floods of Internet traffic to be directed to victim computers … for the purpose of degrading or disrupting the victim computers’ access to the Internet.” Court Watch first publicized the charges.

Astrostress’ tools were allegedly responsible for a DDoS attack on Baltimore County Public Schools in February 2022, prompting the school district to warn that it was experiencing connectivity issues.

Esparza is charged with intentionally causing damage to 10 or more protected computers, and for his work to “maintain and improve the Astrostress.com website and services, respond to requests for attacks, subscriptions, or assistance from potential or current customers, and market the Astrostress.com website in an attempt to draw subscribers to Astrostress.com and away from other competitor websites.”

An Astrostress associate, 19-year-old Shamar Shattock, pleaded guilty in March 2023 for his role in running the site.

The DOJ has cracked down on for-hire DDoS services in recent years, with 15 domains connected to booter services seized in 2018.

In late 2022, 48 internet domains were seized, with another 13 shut down the following May, 10 of which were reincarnations of sites that had already been seized. At the time of the most recent seizures, the DOJ highlighted what a nuisance DDoS attacks, and their enablers, have become.

“Data relating to the operation of booter sites previously seized by law enforcement show that hundreds of thousands of registered users have used these services to launch millions of attacks against millions of victims,” they wrote. “School districts, universities, financial institutions and government websites are among the victims who have been targeted in attacks launched by booter services.”