Feds continue takedowns of DDoS-for-hire ‘booter’ sites

U.S. law enforcement has seized 13 more internet domains that hosted “booter” services for attacking websites, prosecutors said Monday, and four people arrested in a previous sweep have pleaded guilty to related charges.

It’s the Department of Justice’s third wave of seizures of booter domains, which allow paying customers to launch powerful distributed denial-of-service (DDoS) attacks that can take down a website. A previous operation in December led to 48 domain seizures and seven arrests of administrators.

Four of the people arrested in that sting pleaded guilty to computer fraud and abuse charges, according to the U.S. Attorney’s Office for the Central District of California.

Ten of the 13 recently seized domains were “reincarnations” of services shut down in December, prosecutors said.

“For example, one of the domains seized this week – cyberstress.org – appears to be the same service operated under the domain cyberstress.us,” prosecutors said.

The two operations, plus an initial takedown in December 2018, were partly the work of an informal group that calls itself "Big Pipes," Wired reported. The group consists of a few dozen members, including staffers from several major cloud service providers and gaming companies.

The FBI collected evidence by opening or renewing accounts with each booter service and testing their abilities to launch DDoS attacks on computers controlled by the bureau, the announcement said.

“In some cases, despite the ‘victim’ computer being on a network with a large amount of capacity, the test attack was so powerful that it completely severed the internet connection,” prosecutors said.

Targets of booter services have included school districts, universities, financial institutions and government agencies, the news release said.

“Data relating to the operation of booter sites previously seized by law enforcement show that hundreds of thousands of registered users have used these services to launch millions of attacks against millions of victims,” prosecutors said.

The following defendants will be sentenced this summer, according to the Department of Justice:

• Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, for running a booter service named RoyalStresser.com, formerly known as Supremesecurityteam.com.
• Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, for operating SecurityTeam.io.
• Shamar Shattock, 19, of Margate, Florida, for running Astrostress.com.
• Cory Anthony Palmer, 23, of Lauderhill, Florida, for operating Booter.sx.

Federal agencies have warned about the potential for DDoS incidents involving critical industry sectors. The Department of Health and Human Services, for example, pointed to a Russia-aligned threat earlier this year.

“In recent years, booter services have continued to proliferate, as they offer a low barrier to entry for users looking to engage in cybercriminal activity,” prosecutors said Monday.