US authorities seize more domains linked to prolific DDoS-for-hire websites

U.S. authorities have seized 13 more domains linked to some of the world’s most popular DDoS-for-hire websites.

These websites, also described as “booter” or “stressor” services, are marketed as legitimate security testing tools that allow admins to stress-test websites. In reality, the services are used for launching distributed denial-of-service (DDoS) attacks designed to overwhelm websites and networks and force them offline.

The DOJ announced on Monday that the FBI had seized 13 more domains linked to some of the most prolific booter services as part of Operation PowerOFF, an international law enforcement effort to disrupt online platforms that allow anyone to launch massive DDoS attacks.

However, the Justice Department said that 10 of the 13 domains seized by law enforcement this week were linked to previous domains seized in a December 2022 sweep that took down 48 booter services.

“For example, one of the domains seized this week – cyberstress.org – appears to be the same service operated under the domain cyberstress.us, which was seized in December,” the DOJ said. “While many of the previously disrupted booter services have not returned, today’s action reflects law enforcement’s commitment to targeting those operators who have chosen to continue their criminal activities.”

TechCrunch visited the 13 websites seized by the FBI this week. While almost all of the websites targeted by the operation now display a message stating they have been seized by the FBI, TechCrunch found that — at the time of writing — at least one of the sites continues to operate as normal. It’s not clear why this site continues to load and the DOJ has yet to respond to TechCrunch’s questions.

As part of its investigation into the domains, which the DOJ says have “hundreds of thousands” of registered users and have been used to target school districts and government websites, the FBI opened or renewed accounts with each service and then tested them by launching DDoS attacks against government-controlled computers. It then observed the effect on these “victim” computers.

“In some cases, despite the ‘victim’ computer being on a network with a large amount of capacity, the test attack was so powerful that it completely severed the internet connection,” the DOJ said.

The Justice Department also said in Monday’s announcement that four of the defendants charged in December -- Jeremiah Sam Evans Miller, Angel Manuel Colon Jr., Shamar Shattock and Cory Anthony Palmer -- pled guilty earlier this year. These defendants, who are scheduled to be sentenced this summer, have been linked to the operation of the now-defunct “RoyalStresser.com,” “SecurityTeam.io,” “Astrostress.com,” and “Booter.sx” DDoS-for-hire services.

The takedowns were carried out as part of a joint operation between the U.K.’s National Crime Agency, Dutch police and Europol. Earlier this year, the NCA announced it had infiltrated the online criminal marketplace by setting up a number of sites purporting to offer DDoS-for-hire services.