Image: Ryan Stone on Unsplash
Image: Ryan Stone on Unsplash

Feds continue takedowns of DDoS-for-hire ‘booter’ sites

U.S. law enforcement has seized 13 more internet domains that hosted “booter” services for attacking websites, prosecutors said Monday, and four people arrested in a previous sweep have pleaded guilty to related charges.

It’s the Department of Justice’s third wave of seizures of booter domains, which allow paying customers to launch powerful distributed denial-of-service (DDoS) attacks that can take down a website. A previous operation in December led to 48 domain seizures and seven arrests of administrators.

Four of the people arrested in that sting pleaded guilty to computer fraud and abuse charges, according to the U.S. Attorney’s Office for the Central District of California.

Ten of the 13 recently seized domains were “reincarnations” of services shut down in December, prosecutors said.

“For example, one of the domains seized this week – – appears to be the same service operated under the domain,” prosecutors said.

The two operations, plus an initial takedown in December 2018, were partly the work of an informal group that calls itself "Big Pipes," Wired reported. The group consists of a few dozen members, including staffers from several major cloud service providers and gaming companies.

The FBI collected evidence by opening or renewing accounts with each booter service and testing their abilities to launch DDoS attacks on computers controlled by the bureau, the announcement said.

“In some cases, despite the ‘victim’ computer being on a network with a large amount of capacity, the test attack was so powerful that it completely severed the internet connection,” prosecutors said.

Targets of booter services have included school districts, universities, financial institutions and government agencies, the news release said.

“Data relating to the operation of booter sites previously seized by law enforcement show that hundreds of thousands of registered users have used these services to launch millions of attacks against millions of victims,” prosecutors said.

The following defendants will be sentenced this summer, according to the Department of Justice:

  • Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, for running a booter service named, formerly known as
  • Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, for operating
  • Shamar Shattock, 19, of Margate, Florida, for running
  • Cory Anthony Palmer, 23, of Lauderhill, Florida, for operating

Federal agencies have warned about the potential for DDoS incidents involving critical industry sectors. The Department of Health and Human Services, for example, pointed to a Russia-aligned threat earlier this year.

“In recent years, booter services have continued to proliferate, as they offer a low barrier to entry for users looking to engage in cybercriminal activity,” prosecutors said Monday.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Joe Warminsky

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.