FBI kicks some of the worst ‘DDoS for hire’ sites off the internet

The FBI has seized the domains of 15 high-profile distributed denial-of-service (DDoS) websites after a coordinated effort by law enforcement and several tech companies.

Several seizure warrants granted by a California federal judge went into effect Thursday, removing several of these “booter” or “stresser” sites from the internet “as part of coordinated law enforcement action taken against illegal DDoS-for-hire services.” The orders were granted under federal seizure laws, and the domains were replaced with a federal notice.

Prosecutors have charged three men, Matthew Gatrel and Juan Martinez in California and David Bukoski in Alaska, with operating the sites, according to affidavits filed in three U.S. federal courts, which were unsealed Thursday.

“DDoS for hire services such as these pose a significant national threat,” U.S. Attorney Bryan Schroder said in a statement. “Coordinated investigations and prosecutions such as these demonstrate the importance of cross-District collaboration and coordination with public sector partners.”

The FBI had assistance from the U.K.’s National Crime Agency and the Dutch national police, and the Justice Department named several companies, including Cloudflare, Flashpoint and Google, for providing authorities with additional assistance.

In all, several sites were knocked offline, including downthem.org, netstress.org, quantumstress.net, vbooter.org, defcon.pro and more. The sites allowed would-be attackers to sign up to rent time and servers to launch large-scale bandwidth attacks against systems and servers.

DDoS attacks have long plagued the internet as a by-product of faster connection speeds and easy-to-exploit vulnerabilities in the underlying protocols that power the internet. Through its Internet Crime Complaint Center (IC3), the FBI warned over a year ago of the risks from booter and stresser sites amid a wider concern about the increasing size and scale of powerful DDoS attacks. While many use booter and stresser sites for legitimate services, such as to test the resilience of a corporate network to DDoS attacks, many have used them to launch large-scale attacks that can knock networks offline. When those networks support apps and services, those too can face downtime, in some cases affecting millions of users.

Some of the sites named in the indictments reported attacks exceeding 40 gigabits per second, large enough to knock some websites offline for a period of time.

Specifically, in the complaint, the Justice Department alleged that Downthem had more than 2,000 customer subscriptions and had been used to carry out over 200,000 attacks.

But booter sites have largely fallen by the wayside for larger attacks, such as the botnet-powered attack that knocked Dyn, a major internet powerhouse relied on by many tech companies, offline.

Thursday’s seizures mark the latest in a string of law enforcement actions aimed at booter services. Earlier this year, U.S. and European authorities took down webstresser.org, which prosecutors claimed had helped launch more than six million attacks.

When reached, the FBI did not comment beyond the Justice Department’s statement.