The FBI has shut down 15 DDoS-for-hire sites. Will this be the first Christmas without gaming platform outages?
The user interface for Downthem[.]org, one of the 15 booter sites seized by the feds
The Department of Justice issued a triumphant press release announcing the seizure of 15 domains. These sites previously sold "stressing" services, that is, testing the resilience of your own site by launching some kind of DDoS attack against it. Naturally, legitimate stress testing is only a cover for conducting DDoS attacks on other people's sites, which is prohibited by law.
The FBI operation took place a week before the Christmas holidays, when gaming platforms traditionally come under heavy load, accompanied by the customary DDoS attacks.
The illegal sites offered "booter" or "stresser" services for a fee. A client could order powerful distributed denial-of-service (DDoS) attacks. According to the Department of Justice, a large number of sites in the United States and abroad have suffered from such attacks, including financial institutions, universities, Internet service providers, government systems and various gaming platforms.
List of closed sites
The Department of Justice also filed criminal charges against three suspects for conducting illegal stress tests.
According to court documents, each of the 15 sites offered easy access to attack infrastructure and accepted payment in various ways, including Bitcoin, and the prices were relatively low.
The FBI tested every service by ordering the corresponding DDoS service from it. When testing the various services, the FBI determined that "these types of services can and do cause disruptions in the operation of networks at all levels."
After the investigation, arrest warrants were issued on December 19, 2018 for the following suspects:
- Matthew Gatrel, 30, St. Charles, Illinois,
- Juan Martinez, 25, Pasadena, California.
They are accused of conspiracy to violate the Computer Fraud and Abuse Act. The government claims that Gatrel and Martinez constantly scanned the Internet for misconfigured devices, and then sold lists of IP addresses associated with these devices to operators of other DDoS services. David Bukoski was among the buyers (see below).
Apparently, the Downthem and Ampnode services belonged to these two. The first directly offered DDoS attacks to its clients, and the second offered resources for building standalone DDoS systems. Between October 2014 and November 2018, the Downthem database accumulated more than 2,000 customer records. The service was used to conduct or attempt to conduct more than 200,000 DDoS attacks, the Department of Justice said in a press release.
On December 12, 2018, the Alaska District Prosecutor’s Office filed charges against a third suspect, 23-year-old David Bukoski, from Hanover, Pennsylvania. The documents state that Bukoski ran the Quantum Stresser service, one of the most active and reputable DDoS services on the Internet. As of November 29, 2018, Quantum had more than 80,000 registered customer records, the first of which date from the launch of the service in 2012. In 2018 alone, Quantum was used to launch more than 50,000 actual or attempted attacks.
Brian Krebs writes that this operation by the FBI and other law enforcement agencies differs from previous takedowns of DDoS services in that the government actually tested each of these services by ordering attacks from them. In fact, the documents say that the authorities identified at least 60 different attack services operating from June to December 2018, but “not all of them are fully functional and capable of launching attacks”. Thus, the 15 closed services are genuinely working services through which the FBI was able to successfully conduct DDoS attacks.
Representatives of the Department of Justice acknowledge that closing these 15 sites “will not solve the problem once and for all,” and that new services will appear in place of the closed ones.