On Wednesday, the U.S. Department of Justice (DoJ) announced the seizure of 48 domains linked to the facilitation of distributed denial-of-service (DDoS) attacks. These domains provided a platform for malicious actors to launch attacks, thereby diminishing the barriers to entry for cybercriminal activities.

In connection with this crackdown, six individuals have been charged: Jeremiah Sam Evans Miller (23), Angel Manuel Colon Jr. (37), Shamar Shattock (19), Cory Anthony Palmer (22), John M. Dobbs (32), and Joshua Laing (32). They are alleged to have played significant roles in operating these illicit services.

The DoJ asserted that the seized websites enabled paying customers to launch powerful DDoS attacks that overwhelm targeted systems with excessive data requests, rendering the targets' internet service unusable. In a statement, the Department highlighted the operational model whereby clients could pay to direct these attacks against specific targets.

The accused operate multiple booter and stresser services, including RoyalStresser.com, SecurityTeam.io, Astrostress.com, Booter.sx, IPStresser.com, and TrueSecurityServices.io, which have allegedly enabled high-volume DDoS attacks against various organizations, including educational institutions, governmental bodies, and gaming platforms. Although these services claimed to assess client resilience, they disproportionately targeted unsuspecting victims.

The Justice Department’s findings indicate that millions of individuals were affected through these DDoS-for-hire platforms. Court documents reveal that over one million users registered on IPStresser.com engaged in approximately 30 million DDoS attack operations from 2014 to 2022. Such scale highlights the operational capacity and reach of these illicit networks.

Moreover, investigations by the Federal Bureau of Investigation (FBI) uncovered that services were typically procured using cryptocurrency, which complicates traceability and adds a layer of anonymity for the perpetrators. This anonymity aligns with the potential MITRE ATT&CK techniques employed, including data obfuscation tactics during the initial access phase, as well as persistence and abuse of existing capabilities for attack execution.

As the situation unfolds, this recent operation echoes similar actions taken by the DoJ and FBI in December 2018, which led to the dismantling of 15 domains associated with similar DDoS services. An earlier initiative in April 2018, led by Europol, saw the disruption of major platforms like Webstresser.org, significantly affecting the availability of these criminal services that typically charged minimal fees for DDoS attacks against banks and government entities.

The seizure of these domains represents a substantial step in an ongoing coordinated effort, named Operation PowerOFF. This operation involves collaboration with international law enforcement agencies from the U.K., the Netherlands, Germany, and Poland, aiming to eradicate the infrastructure that supports DDoS-for-hire activities on a global scale.
