Feds Seize 13 More DDoS-For-Hire Platforms In Ongoing International Crackdown (arstechnica.com) 17
An anonymous reader quotes a report from Ars Technica: The US Justice Department has seized the domains of 13 DDoS-for hire services as part of an ongoing initiative for combatting the Internet menace. The providers of these illicit services platforms describe them as "booter" or "stressor" services that allow site admins to test the robustness and stability of their infrastructure. Almost, if not all, are patronized by people out to exact revenge on sites they don't like or to further extortion, bribes, or other forms of graft. The international law enforcement initiative is known as Operation PowerOFF. In December, federal authorities seized another 48 domains. Ten of them returned with new domains, many that closely resembled their previous names.
"Ten of the 13 domains seized today are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services," the Justice Department said. "For example, one of the domains seized this week -- cyberstress.org -- appears to be the same service operated under the domain cyberstress.us, which was seized in December. While many of the previously disrupted booter services have not returned, today's action reflects law enforcement's commitment to targeting those operators who have chosen to continue their criminal activities." According to a seizure warrant (PDF) filed in federal court, the FBI used live accounts available through the services to take down sites with high-capacity bandwidth that were under FBI control. "The FBI tested each of services associated with the SUBJECT DOMAINS, meaning that agents or other personnel visited each of the websites and either used previous login information or registered a new account on the service to conduct attacks," FBI Special Agent Elliott Peterson wrote in the affidavit. "I believe that each of the SUBJECT DOMAINS is being used to facilitate the commission of attacks against unwitting victims to prevent the victims from accessing the Internet, to disconnect the victim from or degrade communication with established Internet connections, or to cause other similar damage."
"Ten of the 13 domains seized today are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services," the Justice Department said. "For example, one of the domains seized this week -- cyberstress.org -- appears to be the same service operated under the domain cyberstress.us, which was seized in December. While many of the previously disrupted booter services have not returned, today's action reflects law enforcement's commitment to targeting those operators who have chosen to continue their criminal activities." According to a seizure warrant (PDF) filed in federal court, the FBI used live accounts available through the services to take down sites with high-capacity bandwidth that were under FBI control. "The FBI tested each of services associated with the SUBJECT DOMAINS, meaning that agents or other personnel visited each of the websites and either used previous login information or registered a new account on the service to conduct attacks," FBI Special Agent Elliott Peterson wrote in the affidavit. "I believe that each of the SUBJECT DOMAINS is being used to facilitate the commission of attacks against unwitting victims to prevent the victims from accessing the Internet, to disconnect the victim from or degrade communication with established Internet connections, or to cause other similar damage."
Auzre Load Testing anyone? (Score:5, Interesting)
I wonder how long it'll take the FBI to figure out that Microsoft offers exactly this service as Azure Load Testing. The quick-start tutorial [microsoft.com] basically outlines how to do it. A free account has enough restrictions on it that it'd make it impractical to use on any useful (to an attacker) scale, but I'm fairly sure it's possible to obscure the financial details enough to keep an operator safe.
End crypto, ddos stop (Score:2, Insightful)
Without crypto there'd be much less incentive and much higher risk to ddos criminality.
No one serious will miss crypto.
Re: (Score:3)
Actually, the main problem is Ransomware. Crapcoins are used to do the money-laundering there.
Re: (Score:2)
It's that, too.
But please don't dismiss the "ddos for hire" thing going on and that shit is paid in crypto. I've also seen "pay us (in crypto) in you want the ddos to stop".
Crypto as a criminal payment is a problem across more than any single crime.
And of course crypto itself is just a series of rug pulls, hacks and market manipulation.
Re: (Score:1)
hmm, i wonder if this guy is invested in crypto?
Re: (Score:3)
I said 2 things:
1) without crypto, online criminal behavior for hire would be more risky
2) and lower incentive
Are either of those untrue? If you think so, please explain.
I didn't say there would be no crime at all but the epidemic of ddos and other shitty behavior would stop. With 8 billion people on the planet there will always be shitty behavior. Countries with a death penalty for murder or drugs or whatever still have those crimes at some low level. But why encourage or foster it with an easy pseudo
Re: (Score:2)
Re: (Score:2)
Agreed but it's still harder to track than doing a query against the database of transactions uploaded by the banks every day, yes?
Re: (Score:2)
It is somewhat traceable. Under some circumstances it can be gotten back. Under some circumstances you can identify the target of the payment. But it is not reliable at this time and neither may be true for a specific payment.
But the fact of the matter is it die cause Ransomware to explode, because suddenly there was a money laundering path that did not require any skill on the origin point of the money and that was not actually illegal to use at the origin point and hence made ransom payments a lot easier.
Re: (Score:2)
DDoS for hire is a real problem. It does not depend on crapcoins for the payment path though. Ransomware does because the constellation is different. With DDoS for hire, both the one paying and the one performing the attack are doing something criminal and they collude. With Ransomware, the one paying is not acting criminally and would like to identify the one they paid because they attackend them and they would like to get those crapcoins back.
Re: (Score:2)
Ddos isn't as dependent as ransomeware but it does make it easier and a more likely option for bad guys because there is a sense of privacy in payment that doesn't exist with cash, wire transfers, etc, etc.
Even criminals don't want other criminals to know who they are. There is no honor among thieves. Without crypto there would still be online crime of course but I think it would be lessened.
Consider: kidnapping in the modern sense is about 100 years old and usually involves a drop of cash or an in person
is this just whack-a-mole? (Score:2)
This sounds about as useful as announcing you've found another empty getaway car while the bank robbers remain on the loose.
If all they're doing is seizing domains, they're just lightly inconveniencing the DDoS groups to move to a new domain. And since they're already being forced to do that from time to time, I'm sure they have that process pretty streamlined, as this mentions this specific group has already moved at least once.
None of this work matters in the long run if you don't find the people running