CyberSecurity SEE

The Federal Government Shuts Down 13 Additional DDoS-for-Hire Services – Krebs on Security

The FBI has seized 13 domains associated with “booter” services, which enable users to launch debilitating distributed denial-of-service (DDoS) attacks that overwhelm a target’s servers with traffic. The domain names, which include cyberstress.org and exoticbooter.com, were home to services charging from a few dollars to hundreds of dollars per month while allowing users to launch multiple concurrent attacks. Booter services are generally associated with the Dark Web, chat forums, and YouTube, and customers can pay via PayPal, Google Wallet, and cryptocurrencies. The move follows similar operations by the US government in December 2022 that focused on DDoS-for-hire services, and another 2021 operation that targeted 15 DDoS-for-hire sites.

In a statement, prosecutors from Los Angeles explained that the services had launched millions of attacks against a variety of targets. Among those affected were government websites, financial institutions, school districts, and universities. While purveyors of booters argue they are not accountable for how customers use their services, the Department of Justice (DOJ) claims that most booter services rely heavily on scanning the internet to co-opt misconfigured devices that enable the amplification of DDoS attacks. Moreover, the services make no check to verify that the user owns the internet address in question.

Experts believe the constant takedown of booter services, even by itself, imposes an unsustainable cost on the operators. Richard Clayton, director of Cambridge University’s Cybercrime Centre, explains that running a booter service necessitates a massive amount of monotonous admin work, such as scanning, commandeering, and controlling large numbers of remote systems that amplify online attacks. In addition, building brand recognition and customer loyalty takes considerable time.

Ten of the 13 seized domains are reincarnations of the DDoS-for-hire services seized by the FBI in December 2022. In a statement, prosecutors said that four of the six men charged at that time had already pleaded guilty, including Angel Manuel Colon Jr., 37, of Belleview, Florida, Shamar Shattock, 19, of Margate, Florida, and Cory Anthony Palmer, 23, of Lauderhill, Florida. All four have yet to be sentenced.

Despite the trend towards guilty pleas by those operating a DDoS-for-hire service, one defendant, John M. Dobbs, 32, of Honolulu, Hawaii, is pleading not guilty. Prosecutors claim that Dobbs’s DDoS-for-hire service, IPStresser.com, attracted over 2 million users and launched 30 million DDoS attacks, and it is now considered a key target in the FBI’s latest operation.

While taking down domains is a victory, it is a comparatively small step in the fight against cybercrime. A 2020 academic study from Clayton and others, titled “Cybercrime is Mostly Boring,” found that booter services provided a significant portion of the cybercrime-as-a-service economy, with many of the operators quickly burning out due to the amount of tedious work required. Takedowns require a significant amount of resources from the FBI and DOJ, and there is always a risk that the service will reappear, making a more substantial intervention into this sector seem necessary.

However, for the moment, the FBI is content to keep pulling the rug out from under booter services, as even a temporary seizure hurts the operators financially and stalls the business. As Clayton argues, if the operators keep losing their domains, they have to repeat all the monotonous work yet again. Booters are clearly among the more mundane aspects of cybercrime. Nevertheless, this seizure demonstrates that, along with ransomware attacks, the authorities are making progress in stemming cybercrime’s impact.
