United States Attorney's Office for the Central District of California

12/11/2024 | Press release | Distributed by Public on 12/11/2024 13:15

2 Defendants Charged in U.S. Courts as Part of Global Crackdown on ‘Booter’ Services Offering Distributed Denial of Service Attacks

LOS ANGELES - The Justice Department today announced the court-authorized seizure of 27 internet domains associated with some of the world's leading DDoS-for-hire services, as well as criminal charges against two defendants who allegedly oversaw computer attack platforms commonly called "booter" services.

Federal law enforcement is now seizing the websites that allowed paying users to launch powerful distributed denial-of-service (DDoS) attacks that flood targeted computers with information and prevent them from being able to access the internet.

Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad, including educational institutions, government agencies, gaming platforms and millions of people. In addition to affecting targeted victims, these attacks can significantly degrade internet services and can completely disrupt internet connections.

The websites targeted in this operation were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide. While some of these services claimed to offer "stresser" services that could purportedly be used for network testing, the FBI and DCIS determined these claims to be a pretense, and "thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers," according to an affidavit filed in support of court-authorized warrants to seize the booter sites.

"Booter services facilitate cyberattacks that harm victims and compromise everyone's ability to access the internet," said United States Attorney Martin Estrada for the Central District of California. "This week's sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet's infrastructure and our ability to function in a digital world."

"Cybercrime service providers, such as those criminals operating DDoS for hire booter websites, affect victims in Alaska and across the world," said United States Attorney S. Lane Tucker for the District of Alaska. "Because of the scope of the threat, we have partnered with law enforcement in the United States and abroad to achieve meaningful disruptions of these services in order to protect critical internet infrastructure and services."

"Whether you launch a DDoS attack or hire a DDoS service to do it for you, the FBI considers it a crime. Cybercriminals are increasingly targeting essential services and our critical infrastructure with DDoS attacks that can cost victims valuable time, money and reputational harm," said Akil Davis, Assistant Director in Charge of the FBI Los Angeles Field Office. "With the FBI's mix of unique authorities, capabilities, and partnerships, potential users and administrators should think twice before buying or selling these illegal services. Victims of cybercrime are urged to contact their local FBI field office or file a complaint with the FBI's Internet Crime Complaint Center at ic3.gov."

"DDoS attacks are a potent cyber weapon with the proven potential to disrupt critical information systems and infrastructure," said Special Agent in Charge Kenneth DeChellis of the Defense Criminal Investigative Services (DCIS), Cyber Field Office. "Today's action against DDoS-for-hire services demonstrates the resolve of the DCIS and global law enforcement partners to disrupt the use of these services by hacktivist groups and cybercriminals."

"In this coordinated law enforcement effort, the FBI seized and disabled powerful computer attack platforms that offered DDoS-for-hire services," said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office. "This action demonstrates our shared commitment with domestic and international law enforcement partners in combatting cybercrime and defending our digital infrastructure."

Law enforcement has conducted interviews with U.S. customers of these services, with future interviews expected, and authorities are continuing to investigate both administrators and customers of booter services around the world.

This coordinated law enforcement action comes shortly before the Christmas holiday period, which typically brings a significant increase in DDoS attacks across the internet.

Relatedly, one defendant has been charged federally in Los Angeles and one defendant has been charged federally in Anchorage, Alaska, in connection with DDoS-for-hire services.

Central District of California

Prosecutors in Los Angeles this week unsealed one indictment charging one defendant with running booter services.

Ricardo Cesar Colli, a.k.a. "TotemanGames," 22, of Brazil, is charged with conspiracy to violate and violating the Computer Fraud and Abuse Act related to the alleged operation of a booter service named Securityhide.net (formerly known as Securityhide.com).

Assistant United States Attorney Aaron Frumkin of the Cyber and Intellectual Property Crimes Section is prosecuting the case. Assistant United States Attorney James E. Dochterman of the Asset Forfeiture and Recovery Section is handling the seizure of the domains.

District of Alaska

Prosecutors in Alaska have indicted one defendant with being the administrator of significant booter services. That indictment remains under seal, as the United States continues to work with international partners to pursue an arrest and extradition.

Assistant United States Attorneys Adam Alexander, Ainsley McNerney, and Seth Brickey are prosecuting the case.

In conjunction with the website seizures, Homeland Security Investigations, the United Kingdom's National Crime Agency, and the Netherlands Police have launched an advertising campaign using targeted placement ads in search engines, which are triggered by keywords associated with DDoS activities. The purpose of the ads is to deter potential cyber criminals searching for DDoS services in the United States and around the globe, as well as to educate the public on the illegality of DDoS activities.

In recent years, booter services have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity. These types of DDoS attacks are so named because they result in the "booting" or dropping of the targeted computer from the internet. For additional information on booter and stresser services and the harm that they cause, please visit: https://www.fbi.gov/contact-us/field-offices/anchorage/fbi-intensify-efforts-to-combat-illegal-ddos-attacks.

The cases announced today are being investigated by the FBI's Anchorage and Los Angeles field offices, Defense Criminal Investigative Service's Cyber East and Cyber West field offices, and HSI's Columbus field office.

Invaluable assistance was provided by Germany's Bundeskriminalamt (BKA); the United Kingdom's National Crime Agency; the Netherlands Police; Polish Central Cybercrime Bureau; Brazilian Federal Polic, High Tech Crimes Coordination; EUROPOL; and the Brandon Police Service in Manitoba, Canada. Akamai, Cloudflare, Digital Ocean, Entertainment Software Association, Flashpoint, Google, Oracle, PayPal, Unit 221B, Amazon Web Services, the University of Cambridge, and other valued private sector partners provided additional assistance.

These law enforcement actions were taken in conjunction with Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructures worldwide, and holding accountable the administrators and users of these illegal services.

In previous law enforcement actions involving prosecutors and investigators in Los Angeles and Anchorage over the last four years, the Justice Department charged nine defendants who facilitated DDoS-for hire services and seized more than 75 internet domains associated with DDoS-for-hire services. The multi-prong investigation announced today builds on the success of the prior cases by targeting all known booter sites, shutting down as many as possible, and undertaking a public education campaign.