The US Department of Justice has seized 48 Internet domains and charged six suspects for their involvement in running ‘Booter’ or ‘Stresser’ platforms that allow anyone to easily conduct distributed denial of service attacks.
Booters are online platforms allowing threat actors to pay for distributed denial-of-service attacks on websites and Internet-connected devices. Essentially, they are “booting” the target off of the Internet.
Stressers offer the same DDoS features but claim to be provided for legitimate testing of the reliability of web services and the servers behind them.
“Some sites use the term “stresser” in an effort to suggest that the service could be used to test the resilience of one’s own infrastructure; however, as described below, I believe this is a façade and that these services exist to conduct DDoS attacks on victim computers not controlled by the attacker, and without the authorization of the victim,” reads an affidavit by FBI Special Agent Elliott Peterson out of the Alaska field office.
To use these services, threat actors register an account and deposit cryptocurrency, which is then used to pay for the services.
While almost all booter/stresser sites require a subscriber to agree not to use the services to conduct attacks, many of these services are promoted on hacker forums and criminal marketplaces.
In many cases, the platforms’ owners themselves promote deals and coupons on cybercrime sites or use affiliates who earn commissions for promoting the service.
Targeting DDoS platforms worldwide
Today, the US Attorney’s Office in the Central District of California and the US Attorney’s Office in the District of Alaska have announced the charging of six individuals for operating booter/stresser sites.
“These booter services allow anyone to launch cyberattacks that harm individual victims and compromise everyone’s ability to access the internet,” said United States Attorney Martin Estrada. “This week’s sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”
The suspects include a person from Texas, three from Florida, one from New York, and another from Hawaii who allegedly operated various stresser/booter sites, including RoyalStresser.com, SecurityTeam.io, Astrostress.com, Booter.sx, Ipstressor.com, and TrueSecurityServices.io.
As part of a more extensive operation against DDoS platforms, dubbed Operation PowerOFF, the FBI and international law enforcement are seizing 48 Internet domains (complete list at the end of the article) for stresser and booter platforms worldwide.
Once the domains have officially been seized and transferred to DNS used by law enforcement, they will display a seizure message warning that these services are illegal, as shown below.
Thom Mrozek, the Media Relations Director for the US Attorney’s Office Central District of California, told BleepingComputer that the FBI is currently working with domain authorities to apply the seizure messages but that the platforms are no longer functioning.
The FBI is also working with the United Kingdom’s National Crime Agency and the Netherlands Police to display ads in search engines when people search for booter services.
For example, when searching for ‘booter service’ on Google, the search engine showed us an advertisement stating, “Looking for DDoS tools? Booting is illegal.”
The UK advertisement leads to a Cyber Choices page offering information on how people can “make informed choices and to use their cyber skills in a legal way.” A similar advertisement from the FBI leads to a web page managed by the Anchorage field office explaining how DDoS attacks are illegal.
The complete list of domains seized by the FBI is available below:
truesecurityservices.io United States France Namecheap 1