Law Enforcement Seizes 9 DDoS-for-Hire Webpages as Part of Global Crackdown on ‘Booter’ and ‘Stresser’ DDoS Services

LOS ANGELES – The Justice Department today announced the court-authorized seizure of nine internet domains associated with some of the world’s leading DDoS-for-hire services. Poland’s Central Cybercrime Bureau simultaneously announced the arrests of four administrators of such services, investigations which were assisted by U.S. authorities. Several of the arrested administrators operated websites seized pursuant to previous operations by the Central District of California. 

Federal law enforcement continues to seize websites that allow paying users to launch powerful distributed denial-of-service (DDoS) attacks. These attacks flood targeted computers and servers with information to prevent them from being able to access the internet.

Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad, including schools, government agencies, gaming platforms, and millions of people. In addition to affecting targeted victims, these attacks can significantly degrade internet services and completely disrupt internet connections. 

The websites targeted in this operation were used for hundreds of thousands of actual or attempted DDoS attacks targeting victims worldwide. While some of these services claimed to offer “stresser” services that purportedly could be used for network testing, the Defense Criminal Investigative Service (DCIS) determined these claims to be a pretense, and “thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers,” according to an affidavit filed in support of court-authorized warrants to seize the booter sites.

Today’s announcement builds on the success of the prior cases by targeting all known booter sites, shutting down as many as possible, and undertaking a public education campaign. In the last four years more than 11 defendants have been charged in Los Angeles and Anchorage for facilitating DDoS-for-hire services. More than 75 domains associated with such services have been seized.

“Booter services facilitate cyberattacks that harm victims and compromise everyone’s ability to access the internet,” said United States Attorney Bill Essayli for the Central District of California. “This week’s sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”

“DDoS for hire criminal booter services impact internet services for victims in every corner of the United States, including Alaska,” said U.S. Attorney Michael J. Heyman for the District of Alaska. “This threat highlights the continued need to pursue cybercrime services like booter providers. We remain committed to bolstering our collaborative partnerships in the U.S. and abroad to address threats to critical internet infrastructure and services.”

“The enforcement actions launched today, made possible by enduring partnerships between law enforcement and private industry, represents continued pressure on DDoS-for-hire services and the cybercriminals and hacktivists who use them.” said Special Agent in Charge Kenneth DeChellis of the Defense Criminal Investigative Service (DCIS), Cyber Field Office. "This success demonstrates the resolve of the DCIS to relentlessly pursue those who target our warfighters and their information systems."

In conjunction with the website seizures, Homeland Security Investigations, DCIS, and the Netherlands Police have launched an advertising campaign using targeted placement ads in search engines, which are triggered by keywords associated with DDoS activities. The purpose of the ads is to deter potential cybercriminals searching for DDoS services in the United States and around the globe, and to educate the public on the illegality of DDoS activities.

In recent years, booter services have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity. These types of DDoS attacks are so named because they result in the “booting” or dropping of the targeted computer from the internet.

For additional information on booter and stresser services and the harm that they cause, please visit: https://www.fbi.gov/contact-us/field-offices/anchorage/fbi-intensify-efforts-to-combat-illegal-ddos-attacks.

The seizures announced today were performed by DCIS’s Cyber-West Resident Agency.

These law enforcement actions were taken in conjunction with Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructures worldwide, and holding accountable the administrators and users of these illegal services. Principal partners in Operation PowerOFF include EUROPOL; the United States Attorney’s Office for the District of Alaska; The Department of Justice Computer Crime and Intellectual Property Section (CCIPS); FBI’s Anchorage and Los Angeles field offices; HSI’s Columbus field office; Germany’s Bundeskriminalamt (BKA); United Kingdom’s National Crime Agency (NCA); Netherlands Police; Polish Central Cybercrime Bureau; Brazilian Federal Police, Japan’s National Police Agency, France’s Police Nationale, and many others.

Assistance was provided by Akamai, Amazon Web Services, Cloudflare, Digital Ocean, Flashpoint, Google, PayPal, The University of Cambridge, and Unit 221B.

Assistant United States Attorneys James E. Dochterman of the Asset Forfeiture and Recovery Section and Aaron Frumkin of the Cyber and Intellectual Property Crimes Section are handling this investigation.