DDoS-for-hire services have been in the news recently, following the US Justice Department’s seizure of 13 domains as part of Operation PowerOFF. Most of these illicit services are known as “booter” or “stresser” services, which allow site admins to test the strength and stability of their infrastructure. However, they are often used by people seeking revenge on sites they dislike, or for extortion, bribes, and other forms of graft.
Those 13 domain names come in addition to the 48 domain names that had already been seized in December 2022 by the FBI in a mass takedown of DDoS-for-hire sites.
In recent years, the internet has seen a disturbing trend emerge: websites that allow users to launch free DDoS attacks. The emergence of these sites has raised concerns among cybersecurity experts, who worry that they could be used by malicious actors to disrupt critical infrastructure or launch attacks against businesses and individuals.
The Justice Department’s initiative is aimed at combating this internet menace, but DDoS-for-hire websites usually return within 24 to 48 hours after being taken down. Their new addresses are often available on websites that list known stresser/booter services by following their news. In December 2022, ddosforhire.net, operated by a notorious DDoS attacker known as “JiiN,” was shut down due to JiiN’s “exit-scam” after a mass takedown of DDoS-for-hire sites. JiiN may have been scared, but the shutdown has motivated other similar websites to open. Some of these sites are owned by known DDoS-for-hire operators who use them for advertising purposes, while others leverage their list to verify the efficiency of the DDoS attacks provided, report scammers, and generate profits, such as this particular site.
Telegram is becoming increasingly popular among DDoS-for-hire admins as a way to communicate news about their services to their community. They can create channels where they can post updates and news about their services, and subscribers can receive notifications when new content is posted. Telegram is a messaging app that is popular with cybercriminals because it offers end-to-end encryption, making it difficult for law enforcement agencies to monitor their activities. This allows DDoS-for-hire admins to keep their community informed about any changes to their services, such as new features or pricing plans. It also allows them to communicate with potential customers who may be interested in using their services.
The takedown of these domains has generated a lot of media attention, which stresser/booter services can use to their advantage. They can gain notoriety and advertise their services on social networks, taking advantage of the echo generated by the media.
However, the use of Telegram by stresser service admins highlights the need for increased vigilance by law enforcement agencies. While Telegram offers end-to-end encryption, it is not immune to monitoring by law enforcement agencies.
The Justice Department’s announcement also revealed that four defendants charged in December had already pleaded guilty earlier this year. These defendants were involved in the operation of booter services named RoyalStresser.com, Supremesecurityteam.com, SecurityTeam.io, Astrostress.com, and Booter.sx.
While the Justice Department’s initiative is a step in the right direction for combating stresser/booter services, it remains to be seen whether it will be able to keep up with the constant reincarnation of these illicit services. Site admins should take precautions to protect their infrastructure from DDoS attacks, such as using a content delivery network (CDN) and implementing DDoS mitigation services. Likewise, for Windows, Linux, Android and even iOS users, a DDoS-protected VPN with features such as a kill switch is also a good solution for keeping your public IP address private and safe from DDoS attackers.