Cyberattack-on-demand firms taken down by FBI

Dec. 20, 2018 / 7:18 PM GMT

By Andrew Blankstein

Federal prosecutors announced Thursday the seizure of 15 internet domains and charges against several men associated with firms that offered on-demand cyberattacks.

Federal officials allege that the firms carried out attacks on behalf of clients on the computer platforms of financial institutions, universities, internet service providers, government systems and various gaming platforms by using distributed denial-of-service (DDoS) attacks, which overwhelm computer systems with floods of internet traffic.

The domains seized by the FBI in the nationwide investigation include some of the world’s largest “booter” or “stresser” services including critical-boot.com, ragebooter.com, downthem.org, and quantumstress.net, according to federal criminal complaints filed in California and Alaska.

The use of such services, so named because they boot or drop the victim-targeted website from the internet, has grown as a low-cost, entry-level option for those seeking to engage in cybercrime, according to federal law enforcement officials.

Clients of the services were able to launch powerful attacks that flood targeted computers as well as websites and servers with internet traffic, rendering them unusable to the public, according to the 33-page affidavit in support of the warrant filed in U.S. District Court for the Central District of California.

Matthew Gatrel, 30, of St. Charles, Illinois, and Juan Martinez, 25, of Pasadena, California, have been charged in the complaint with conspiring to violate the Computer Fraud and Abuse Act through the operation of services known as Ampnode and Downthem.

From October 2014 to November 2018, Downthem’s database showed more than 2,000 customer subscriptions, and the service had been used to conduct, or attempt to conduct, over 200,000 DDoS attacks.

“The attack-for-hire websites targeted in this investigation offered customers the ability to disrupt computer networks on a massive scale, undermining the internet infrastructure on which we all rely,” U.S. Attorney Nick Hanna said. “While this week’s crackdown will have a significant impact on this burgeoning criminal industry, there are other sites offering these services — and we will continue our efforts to rid the internet of these websites. We are committed to seeing the internet remain a forum for the free and unfettered exchange of information.”

In addition to the federal actions in California, the U.S. Attorney’s Office for the District of Alaska charged David Bukoski, 23, of Hanover Township, Pennsylvania, with aiding and abetting computer intrusions.

The charging documents allege that Bukoski operated Quantum Stresser, one of the longest-running DDoS services in operation. As of Nov. 29, Quantum had more than 80,000 customer subscriptions dating back to its launch in 2012. In 2018 alone, Quantum was used to launch over 50,000 actual or attempted DDoS attacks targeting victims worldwide, including victims in Alaska and California.

The FBI tested each of the services, verifying the DDoS attack services offered through each of the seized websites, and the bureau determined that these types of services can cause, and have caused, disruptions of networks at all levels.