Washington, DC - An Orland Park, Illinois man pleaded guilty to one count of conspiracy to cause damage to internet-connected computers for his role in owning, administering, and supporting illegal booter services that launched millions of illegal DDoS attacks against victim computer systems in the United States and elsewhere. The illegal services included ExoStress.in, (“ExoStresser”), QuezStresser.com, Betabooter.com (“Betabooter”), Databooter.com, Instabooter.com, Polystress.com, and Zstress.net.
Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division and U.S. Attorney Robert J. Higdon Jr. for the Eastern District of North Carolina, made the announcement.
According to the criminal information, Sergiy P. Usatyuk, 20, combined with a co-conspirator to develop, control and operate a number of booter services and booter-related websites from around August 2015 through November 2017 that launched millions of DDoS attacks that disrupted the internet connections of targeted victim computers, rendered targeted websites slow or inaccessible, and interrupted normal business operations. For instance, as of Sept. 12, 2017, ExoStresser advertised on its website (exostress.in) that its booter service alone had launched 1,367,610 DDoS attacks, and caused targeted victim computer systems to suffer 109,186.4 hours of network downtime.
“Booters” or “Stressers” are a class of publicly-available, web-based services that allow cybercriminals to launch distributed denial-of-service, or DDoS, attacks that overwhelm a target computer system with unrequested traffic and, in turn, “boot” or “drop” the victim from the internet for a relatively small fee or no fee at all. To launch a DDoS attack using a booter, a cybercriminal often needs only a web browser and online payment tool to subscribe to a provider, provide instructions for attacking a victim computer system, and deliver payment.
The DDoS attacks launched by the booters also harmed computer systems that were not directly targeted. For example, according to the criminal information, in November 2016, a Betabooter subscriber launched a series of DDoS attacks against a school district in the Pittsburgh, Pennsylvania area that not only disrupted the school district’s computer systems, but affected the computer systems of 17 organizations that shared the same computer infrastructure, including other school districts, the county government, the county’s career and technology centers, and a Catholic Diocese in the area.
During the period of the conspiracy, Usatyuk and a co-conspirator gained in excess of $550,000 from charging subscriber fees to paying customers of their booter services and selling advertising space to other booter operators.
“For over two years, Sergiy Usatyuk conspired to launch millions of DDoS attacks that paralyzed the computer systems of U.S. organizations for more than 100,000 hours,” said Assistant Attorney General Benczkowski. “The Criminal Division and our law enforcement partners will remain vigilant in protecting the American public by prosecuting the cybercriminals responsible for these sophisticated and harmful schemes.”
“DDoS-for-hire services pose a malicious threat to the citizens of our district, as well as districts across the country, by impeding critical access to the internet and jeopardizing safety and security in the process,” said U.S. Attorney Higdon. “The operation and use of these services to disrupt the operations of our businesses and other institutions cannot be tolerated. Anyone who weaponizes web traffic in this manner will be vigorously pursued and prosecuted by my office.”
Over the past five years, booter and stresser services have grown as an increasingly prevalent class of DDoS attack tools. Booter-based DDoS attack tools offer a low barrier to entry for users looking to engage in cybercrime.
The investigation was conducted by special agents of the FBI Charlotte Field Office, Raleigh Resident Agency. Additional assistance was provide by FBI’s Chicago and Miami Field Offices, as well as the Defense Criminal Investigative Service.
The case is being prosecuted by Trial Attorney Aarash Haghighat of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Adam Hulbig of the Eastern District of North Carolina.