The Federal Bureau of Investigation (FBI) announced that it plans to seize 48 internet domains associated with some of the world’s leading DDoS services. So far, six people were charged in relation to the hacker-for-hire operations.
The websites advertised and sold distributed-denial-of-service to flood IT infrastructures with requests and disrupt them. These sites were also allegedly used to launch millions of actual or attempted DDoS attacks targeting entities across the globe. The FBI were able to take down the DDoS sites in a multinational operation that included undercover work.
“Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad, including educational institutions, government agencies, gaming platforms and millions of individuals,” said the US Department of Justice (DOJ) in a statement. “In addition to affecting targeted victims, these attacks can significantly degrade internet services and can completely disrupt internet connections.”
Some of the websites claimed to be acting in good faith and offered “stresser” services for network testing. These are intentional DDoS attacks that are designed to test networks against similar malicious actors.
However, according to the DOJ, the FBI claimed that this was just a cover.
“Thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers,” according to an affidavit filed in support of court-authorized warrants to seize these domains.
The FBI charged six suspects based in the US, including four in Los Angeles and two in Alaska, for allegedly enabling or overseeing the DDoS-for-hire services.
Each defendant allegedly operated at least one of the websites on the blacklist, and offered one-stop DDoS services and subscriptions of varying lengths and attack volumes. In order to catch the suspects, the FBI went undercover as a customer and even conducted test attacks to make sure the services worked as intended.
All six defendants were informed of the charges brought against them and are expected to appear in court in early 2023.