Prosecutors indict 6 people for allegedly launching massive DDoS attacks


Federal prosecutors on Wednesday indicted six people for allegedly operating websites that launched millions of powerful distributed denial-of-service attacks against a wide range of victims on behalf of millions of paying customers.

The sites presented themselves as booter or stresser services designed to test the bandwidth and performance of customers' networks. Prosecutors said in court documents that the services were used to direct massive amounts of unwanted traffic at third-party websites and Internet connections that customers wanted to take down or seriously degrade. The victims included educational institutions, government agencies, gaming platforms and millions of people. In addition to indicting the six defendants, prosecutors also seized 48 internet domains associated with the services.

"These startup services enable anyone to launch cyberattacks that harm individual victims and compromise one's ability to access the Internet," Martin Estrada, U.S. attorney for the Southern District of California, said in a statement. "This week's enforcement activity is a major milestone in our ongoing efforts to root out criminal behavior that threatens the infrastructure of the Internet and our ability to function in a digital world."

The services offered user interfaces that were essentially the same except for a few cosmetic differences. The screenshot below shows the web panel offered by orphicsecurityteam.com as of February 28. It allowed users to enter a target's IP address, network port, and the specific type of attack they wanted. The panel allowed users to choose different methods to amplify their attacks. Amplification involved bouncing a relatively small amount of specially crafted data off a third-party server in such a way that the server would hit the intended victim with payloads up to 10,000 times larger.

[Screenshot: web panel offered by orphicsecurityteam.com. Credit: US Department of Justice]

Ironically, most of the services relied on DDoS protection, such as that offered by content delivery network Cloudflare, to avoid being taken down by DDoS attacks themselves. In some cases, defendants relied on Cloudflare's free tier, with others using a more advanced tier that required payment.

According to an affidavit filed Wednesday, some of the services had impressive numbers of registered customers and launched attacks. For example, logs indicate that a service called ipstressor.com had 2 million registered users, with 1 million of them conducting DDoS attacks. The service conducted or attempted to conduct 30 million DDoS attacks between 2014 and 2022. Securityteam.io reportedly conducted or attempted to conduct 1.3 million attacks and had 50,000 registered users. Prosecutors said astrostress.com conducted or attempted to conduct 700,000 DDoS attacks and had 30,000 registered users.

The domains seized were:

anonboot.com api-sky.xyz astrostress.fr booter.vip brrsecurity.org cyberstress.fr dragonstresser.com dreams-stresser.io freestresser.so instant-stresser.com ipstress.vip ipstresser.wtf orphicsecurityteam.com ovhstresser.com quantum-stresser.net redstresser.cc royalstresser.com silencestress.net stressor.app stressor.best stressor.gg stressor.is stresser.net/...
