Authorities have seized and shut down 15 popular DDoS-for-hire websites used by cybercriminals for revenge and DDoS (distributed denial of service) attacks on private individuals as well as businesses including online gaming giants, email service providers and hosting sites.
The operation against the DDoS-for-hire websites was a result of joint cooperation between the FBI ‘Federal Bureau of Investigation, Dutch Police, UK’s National Crime Agency along with the assistance of tech giant Google, cybersecurity firm Flashpoint and Cloudflare, etc.
The seized sites had thousands of registered users with access to stressers and booters to carry out DDoS attacks for Bitcoin or credit card payment. Some of their prime targets included gaming giants, Police, government sectors and banking and financial institutions.
According to the Justice Department’s press release, “these services offered easy access to attack infrastructure, payment options that included Bitcoin, and were relatively low cost. Each of the services was tested by the FBI, which verified those DDoS attack services offered through each of the seized websites. While testing the various services, the FBI determined that these types of services can and have caused disruptions of networks at all levels.”
The list of seized DDoS-for-hire websites is available below:
Furthermore, Justice Department has filed criminal charges against three defendants who facilitated two of the DDoS-for-hire websites Downthem and Ampnode. “Between October 2014 and November 2018, Downthem’s database showed over 2000 customer subscriptions, and had been used to conduct, or attempt to conduct, over 200,000 DDoS attacks,” said the FBI.
The operation came a week before Christmas, which, according to the FBI is “a period historically plagued by prolific DDoS attacks in the gaming world.” For instance, cybercriminals on December 25th, 2015, Phantom Squad’s DDoS attack took down Electronic Art (EA) and Steam servers only because it was Christmas. In another attack, PoodleCorp was responsible for shutting down Steam and Origin servers simply to ruin Christmas for gamers.
This is not the first time when authorities have shut down a DDoS-for-hire website and saved unsuspected users from DDoS attacks. In April this year, Webstresser.org, one of the largest platforms for cybercriminals to hire that was offering DDoS services for just €15 ($18) was shut down for good while its administrators were also arrested.