ANCHORAGE, Alaska – The U.S. Justice Department Thursday announced court-authorized actions taken to disrupt some of the world’s leading Distributed Denial of Service (DDoS) Internet of Things (IoT) botnet services.
U.S. authorities continue to focus resources on charging DDoS botnet administrators and seizing infrastructure, like websites, that allow paying users to launch powerful DDoS attacks. These attacks flood targeted computers and servers with information to prevent them from being able to access the internet. In recent years, DDoS, aka “booter,” services have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity.
DDoS services, such as those named in this action, allegedly attacked a wide array of victims in the United States and abroad, including schools, government agencies, gaming platforms, critical infrastructure, including Department of War resources, and millions of people. In addition to affecting targeted victims, these attacks can significantly degrade internet services and completely disrupt internet connections.
In the District of Alaska, U.S. authorities seized services associated with eight DDoS-for-hire domains, including “Vac Stresser” and “Mythical Stress,” which both purport to launch tens of thousands of DDoS attacks per day. The District of Alaska also conducted searches of DDoS-for-hire backend servers.
United States Attorney’s Office, District of Alaska; Case #: 3:26-mj-00248
Today’s announcement builds on the success of the prior cases by targeting known DDoS sites, shutting down large numbers of them simultaneously, and undertaking a public education campaign. In the last four years, more than 11 defendants have been charged in Anchorage and Los Angeles for facilitating DDoS-for-hire services. More than 100 domains associated with such services have been seized.
In conjunction with the website seizures, Homeland Security Investigations (HSI), Department of War Office of Inspector General’s Defense Criminal Investigative Service (DCIS), and the Netherlands Police have launched an advertising campaign using targeted placement ads in search engines, which are triggered by keywords associated with DDoS activities. The purpose of the ads is to deter potential cybercriminals searching for DDoS services in the United States and around the globe, and to educate the public on the illegality of DDoS activities.
“Criminal DDoS-for-hire services impact internet services for victims across the country, including Alaska,” said U.S. Attorney Michael J. Heyman for the District of Alaska. “This threat highlights the continued need to combat cybercrime services like booter providers. We continue to prioritize addressing these threats through collaborative domestic and international partnerships to safeguard critical internet infrastructure and services for all Americans.”
“Today’s announcement is the result of continued partnership between law enforcement and the private sector, targeting criminal DDoS services that threaten the integrity of the internet,” said Special Agent in Charge Kenneth DeChellis of the DCIS, Cyber Field Office. “DDoS is a clear threat to the Department and will continue to be a target of our investigative efforts.”
This law enforcement action was taken in conjunction with Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructures worldwide, and holding accountable the administrators and users of these illegal services. Principal partners in Operation PowerOFF include EUROPOL; the U.S. Attorney’s Offices for the District of Alaska and Central District of California; DCIS; FBI’s Anchorage Field Office; HSI’s Columbus Field Office; the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and International Computer Hacking and Intellectual Property (ICHIP) attorney advisor, who is based at Eurojust in The Hague; Germany’s Bundeskriminalamt (BKA); Netherlands Police; Polish Central Cybercrime Bureau; Japan’s National Police Agency, France’s Police Nationale, and many others.
Assistance was provided by Akamai, Amazon Web Services, Cloudflare, Digital Ocean, Epieos, Google, Hydrolix, PayPal, Registrar of Last Resort and The ShadowServer Foundation, The University of Cambridge and Unit 221B.
