13 more domains connected to DDoS-for-hire platforms, sometimes referred to as “booter” or “stressor” services, have been seized, according to a recent announcement from the US Justice Department.
The seizures this week are a part of Operation PowerOFF, an international law enforcement campaign to disrupt internet sites that enable anyone to launch powerful distributed denial-of-service (DDoS) attacks against any target for the proper sum of money.
The Department of Justice reported that 13 internet domains connected to these DDoS-for-hire services had been legally seized as part of an ongoing campaign to target computer attack “booter” services.
“The seizures this week are the third wave of U.S. law enforcement actions against well-known booter services that allowed paying users to launch potent distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and render them unable to access the internet,” according to the statement.
When the FBI seized 48 additional domains in December 2022, it also targeted top stresser services. Ten sites that had been previously disrupted had registered new domains to enable them to continue operating online.
The DOJ reported that 48 top booter services were the target of a previous sweep in December, which resulted in the seizure of 10 of the 13 domains. One of the names seized this week, cyberstress.org, appears to be the same service as cyberstress.us, which was seized in December, for instance.
The FBI’s full list of domains seized this week, and those previously confiscated that were connected to the same operations, is embedded below.
The affidavit states that the FBI tested the booter services whose domains were seized by creating or renewing accounts with each of them and by launching DDoS attacks against agency-controlled computers to determine the impact on target systems.
The FBI reported that certain attacks, despite employing high-capacity Internet connections, took the targeted devices offline, which helped to establish the booters’ capability.
“The FBI tested each of the services connected to the SUBJECT DOMAINS, which means that agents or other staff members visited each of the websites and either used preexisting login information or registered a new account on the service to conduct attacks,” stated FBI Special Agent Elliott Peterson.
“I think each of the SUBJECT DOMAINS is being made use of to facilitate the commission of attacks against innocent victims to prevent the victims from accessing the Internet, to disconnect the victim from or degrade communication with established Internet connections, or to cause other similar damage,” the author writes.
Additionally, four defendants who were accused in late 2022 entered guilty pleas to federal crimes early this year, acknowledging that they participated in or ran some of the booter services that law enforcement had singled out.
The defendants listed together with the charges they pleaded guilty to include:
- Jeremiah Sam Evans Miller, also known as “John The Dev,” is 23 years old and lives in San Antonio, Texas. On April 6, he pleaded guilty to conspiring and breaking the computer fraud and abuse act for running a booter service called RoyalStresser.com, which used to be called Supremesecurityteam.com.
- Angel Manuel Colon Jr., also known as “Anonghost720” and “Anonghost1337,” is 37 years old and lives in Belleview, Florida. On February 13, he pleaded guilty to conspiring and damaging the computer fraud and abuse act by running a booter service called SecurityTeam.io.
- On March 22, Shamar Shattock, 19, of Margate, Florida, pleaded guilty to conspiring to break the computer fraud and abuse act by running a booter service called Astrostress.com.
- Cory Anthony Palmer, who is 23 years old and lives in Lauderhill, Florida, pleaded guilty on February 16 to a charge of conspiring to break the Computer Fraud and Abuse Act by running a service called Booter.sx. This was linked to the operation of a booter service.
Operation PowerOFF is the codename for the global police operation. Another 48 domains were confiscated by federal authorities in December. Ten of them came back with freshly registered domains, many of which were nearly identical to their old ones. Based on a statement released by the Justice Department, “Ten of the 13 domains seized today are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services or DDoS-for-hire platforms.”
This week’s seizure of the domain name cyberstress.org appears to be related to the December seizure of the domain name cyberstress.us. While many booter services that were previously shut down have yet to resume operations, today’s action shows that law enforcement is serious about going after those who have decided to keep up their illegal practices. A federal court seizure warrant claims that the FBI utilized active service accounts to shut down government-controlled websites with large bandwidth.