Efforts to take down multiple domains that offered distributed denial-of-services (DDoSs) for hire were successful and resulted in another announcement from the Justice Department (DOJ), which yesterday declared that it had seized 15 internet domains, as well as filed criminal charges against three defendants who facilitated the computer attack platforms.
According to a DOJ news release the sites were selling what are commonly known as “booter” or “stresser” services. When purchased, users could leverage these services to launch DDoS attacks, which overwhelm victim computers with a flood of information that prevents them from successfully accessing the internet.
These types of booter services are alleged to enable wide-scale attacks on an array of victims around the globe. Often the targets include financial institutions, universities, internet service providers, government systems and various gaming platforms, according to the DOJ.
“The attack-for-hire websites targeted in this investigation offered customers the ability to disrupt computer networks on a massive scale, undermining the internet infrastructure on which we all rely,” said US Attorney Nick Hanna. “While this week’s crackdown will have a significant impact on this burgeoning criminal industry, there are other sites offering these services – and we will continue our efforts to rid the internet of these websites. We are committed to seeing the internet remain a forum for the free and unfettered exchange of information.”
The director of security research at Flashpoint, Allison Nixon, said that the company provided threat intelligence derived from extensive visibility into deep and dark web actors and communities. “It’s this expertise that was tapped to provide actionable intelligence about cybercrime tools, techniques and operators. Our input was combined with a wealth of intelligence from a range of fantastic industry partners. This combined threat intelligence and attribution is strong enough to stand up in a court of law.”
However, as Hanna noted, DDoS is a complex issue without a quick fix, but Nixon pointed out that something significant happened among these seizures. “The US government just made the argument that running a booter service itself is inherently illegal. The FBI, in executing these actions, has stated clearly and unequivocally that the act of running a service that attacks any website in exchange for anonymous money is not just reckless but patently illegal – and will be prosecuted.”
December is a time of year when the cybersecurity industry sees a surge in DDoS attacks, particularly targeting the gaming world, largely because of the Christmas holiday, but this year the criminals might not be so merry.
“Many cyber-criminals have convinced themselves they have found a legal ‘loophole’ to hurt people,” said Hanna. “The development that we all hope for is that cyber-criminals see this, realize they will never legally profit from attacking websites without clear consent and change behavior toward more productive – and legal – applications of their talents. They have been sufficiently warned. Merry Christmas.”