LOS ANGELES – The Justice Department today announced the court-authorized seizure of 48 internet domains associated with some of the world’s leading DDoS-for-hire services, as well as criminal charges against six defendants who allegedly oversaw computer attack platforms commonly called “booter” services.
The FBI is now in the process of seizing the websites that allowed paying users to launch powerful distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet. Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad, including educational institutions, government agencies, gaming platforms and millions of individuals. In addition to affecting targeted victims, these attacks can significantly degrade internet services and can completely disrupt internet connections.
The websites targeted in this operation were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide. While some of these services claimed to offer “stresser” services that could purportedly be used for network testing, the FBI determined these claims to be a pretense, and “thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers,” according to an affidavit filed in support of court-authorized warrants to seize the booter sites.
The coordinated law enforcement action comes just before the Christmas holiday period, which typically brings a significant increase in DDoS attacks across the gaming world.
In conjunction with the website seizures, the FBI, the United Kingdom’s National Crime Agency, and the Netherlands Police have launched an advertising campaign using targeted placement ads in search engines, which are triggered by keywords associated with DDoS activities. The purpose of the ads is to deter potential cyber criminals searching for DDoS services in the United States and around the globe, as well as to educate the public on the illegality of DDoS activities.
“These booter services allow anyone to launch cyberattacks that harm individual victims and compromise everyone’s ability to access the internet,” said United States Attorney Martin Estrada. “This week’s sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”
“Criminals are increasingly targeting essential services and our critical infrastructure with DDoS attacks that can cost victims valuable time, money and reputational harm,” said Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “Whether a criminal launches an attack independently or pays a skilled contractor to carry one out, the FBI will work with victims and use the considerable tools at our disposal to identify the person or group responsible. Victims of cybercrime are urged to contact their local FBI field office or file a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov."
The law enforcement actions this week include the filing of charges against six defendants across the United States who allegedly offered booter services. Each defendant allegedly operated at least one website that offered one-stop DDoS services and subscriptions of various lengths and attack volumes. In each of these criminal cases, the FBI posed as a customer and conducted test attacks to confirm that the booter site functioned as advertised.
Central District of California
Prosecutors in Los Angeles this week filed four criminal informations charging four defendants with running booter services.
The defendants charged in Los Angeles are:
- Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, who is charged with conspiracy to violate and violating the computer fraud and abuse act related to the alleged operation of a booter service named RoyalStresser.com (formerly known as Supremesecurityteam.com);
- Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, who is charged with conspiracy to violate and violating the computer fraud and abuse act related to the alleged operation of a booter service named SecurityTeam.io;
- Shamar Shattock, 19, of Margate, Florida, who is charged with conspiracy for allegedly running a booter service known as Astrostress.com; and
- Cory Anthony Palmer, 22, of Lauderhill, Florida, who is charged with conspiracy for allegedly running a booter service known as Booter.sx.
The four defendants have been informed of the charges against them and are expected to make their initial court appearances in United States District Court in Los Angeles early next year.
Assistant United States Attorneys Cameron L. Schroeder, Chief of the Cyber and Intellectual Property Crimes Section, and Aaron Frumkin, also of the Cyber and Intellectual Property Crimes Section, are prosecuting the Los Angeles cases. Assistant United States Attorney James E. Dochterman of the Asset Forfeiture and Recovery Section is handling the seizure of the domains.
District of Alaska
The defendants charged in criminal informations filed in Alaska are:
- John M. Dobbs, 32 of Honolulu, Hawaii, who is charged with aiding and abetting violations of the computer fraud and abuse act related to the alleged operation of a booter service named Ipstressor.com, also known as IPS, between 2009 and November 2022.
- Joshua Laing, 32, of Liverpool, New York, who is charged with aiding and abetting violations of the computer fraud and abuse act related to the alleged operation of a booter service named TrueSecurityServices.io between 2014 and November 2022.
The two defendants have been informed of the charges against them and are expected to make their initial court appearance early next year.
Assistant United States Attorney Adam Alexander is prosecuting the Alaska cases.
Criminal informations contain allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
In recent years, booter services have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity. These types of DDoS attacks are so named because they result in the “booting” or dropping of the targeted computer from the internet. For additional information on booter and stresser services and the harm that they cause, please visit: https://www.fbi.gov/contact-us/field-offices/anchorage/fbi-intensify-efforts-to-combat-illegal-ddos-attacks.
The cases announced today are being investigated by the FBI’s Anchorage and Los Angeles field offices.
Invaluable assistance was provided by the FBI field offices in Albany, Honolulu, Miami, Philadelphia and San Antonio; the United Kingdom’s National Crime Agency; the Netherlands Police; EUROPOL; and the Brandon Police Service in Manitoba, Canada. Akamai, Cloudflare, Digital Ocean, Entertainment Software Association, Google, Oracle, Palo Alto Networks Unit 42, PayPal, Unit 221B, the University of Cambridge, Yahoo and other valued private sector partners provided additional assistance.
These law enforcement actions were taken in conjunction with Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructures worldwide, and holding accountable the administrators and users of these illegal services.
In a previous law enforcement action involving prosecutors and investigators in Los Angeles and Anchorage four years ago, the Justice Department charged three defendants who facilitated DDoS-for hire services and seized 15 internet domains associated with DDoS-for-hire services. The multi-prong investigation announced today builds on the success of the prior cases by targeting all known booter sites, shutting down as many as possible, and undertaking a public education campaign.