DOJ Seizes Websites Related to DDoS Attacks, Files Computer Fraud Charges

The United States Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), in tandem with international law enforcement agencies from Europe, have seized dozens of websites pursuant to a court order. The federal agencies have also charged six people with crimes related to the use of those websites to conduct distributed denial-of-service, or DDoS, attacks for hire.

The seizure is a significant escalation by law enforcement in the world of computer hacking, data privacy, and cybersecurity. However, the nature of the charges that were filed and the investigatory techniques that were used raise some important questions about this aggressive regulation of a line of business where the line between a normal and a nefarious transaction can be difficult to see.

Feds Seize Websites, File Charges in DDoS Sting

According to the announcement on the DOJ’s website on December 14, 2022, the Justice Department used a court order to seize 48 internet domains that offered DDoS services on demand. Some of these domains are among the leading sites in this industry, which plays an important role in cybersecurity. One of these sites alone had been responsible for carrying out over 30 million DDoS attacks.

In addition to seizing the sites, the DOJ also filed computer fraud and conspiracy charges against six individual defendants.

American enforcement agencies were not working alone. Europol announced that it was also a part of the sting, which involved agents in the United Kingdom, Germany, the Netherlands, and Poland.

The DDoS Industry Straddles Cybersecurity and Cybercrime

To fully understand the importance of this development, it is essential to have a basic understanding of how the DDoS industry works.

DDoS attacks are a primitive form of cyberattack: the hacker unleashes a swarm of traffic onto the target website, slowing it down until it is forced offline. While primitive, DDoS attacks are frequently used by hackers to demand ransom payments, effectively holding a website hostage until the payment is made. They can also be used by businesses to overwhelm online assets that their competitors use, an underhanded way of getting the upper hand over them.

The potential for a website to suffer a DDoS attack gave rise to an upstanding and legitimate DDoS industry. These cybersecurity companies offer “stresser” or “booter” services for a fee, effectively auditing their clients’ systems by conducting a controlled DDoS attack against them.

These “stresser” or “booter” companies are thus in a precarious position: when a potential client asks them for a DDoS attack on a given website, it is a cybersecurity audit if the client in fact owns the domain being stressed. However, if the client does not in fact own the domain, the DDoS-on-demand provider may be committing a cybercrime for hire.

Seized Domains are Among the Leaders in the DDoS Industry

The domain names that were seized by the DOJ include some of the largest companies in the DDoS industry, including:

  • Royalstresser.com
  • Dragonstresser.com
  • Securityteam.io
  • Supremesecurityteam.com
  • Booter.sx
  • Astrostress.com
  • IPStresser.com

Some of these booter providers have conducted millions of DDoS audits or attacks.

Criminal Charges Carry Significant Penalties

Six people associated with the seized DDoS domains have been charged with crimes, four in the Central District of California and two in the District of Alaska.

Of the four in California:

  1. Defendants 1 and 2 have both been charged with a violation of the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030), as well as conspiracy to violate the Act.
  2. Defendants 3 and 4 have been charged with conspiracy.

Both of the defendants in Alaska have been charged with aiding and abetting violations of the CFAA.

The specific penalties that come with a conviction depend on the precise provision within the CFAA that was violated. However, nearly every type of violation is a felony offense that carries over a year in federal prison. Some of the worst offenses carry up to 10 years in prison for a first offense and up to 20 years for a subsequent offense. These include violations of subsection (a)(5)(A), which prohibits the intentional damage of a computer by knowing transmission and which appears to be the specific charge that is to be filed.

How Much Due Diligence is Sufficient?

These serious criminal charges raise an extremely important question: How diligently must these DDoS-for-hire companies vet their potential clients before providing them the services that they want to purchase?

One of the defendants in Alaska, a native of Honolulu, Hawaii, ran his DDoS services company for 13 years and conducted an estimated 30 million DDoS attacks, amassing two million registered users on his platform. In an interview that he gave to a French publication in 2015, he claimed that he was immune from legal liability because his company required users to sign the terms and conditions with a digital signature, and those terms and conditions:

  • Disclaimed all liability for damage caused by the DDoS attack,
  • Told the user not to attack third party websites without their consent, and
  • Made the user promise that they were not using the DDoS attack for illegal activity.

Is this enough? While it might not appear to be at first blush, it is important to remember that small-scale DDoS services can be purchased for only a couple of dollars. How extensively are DDoS providers legally required to vet these clients? Do they have to perform more due diligence when the services become larger? The difficulties in drawing that scale are readily apparent, and demanding an extensive DDoS version of a financial institution’s “know your customer” obligations carries the very real possibility that the industry would become too expensive for all but the users who want to use DDoS attacks for the most lucrative, and nefarious, purposes.

Investigation Process Raises Questions As Well

A final concern is that federal agencies pursued the case in a way that might amount to entrapment.

During the law enforcement sting operation, which was codenamed Operation Power Off, FBI agents attested that they worked undercover to purchase booter and stresser services from DDoS companies. They said that they never had to prove that they owned the websites and domains to be attacked before completing the transaction and receiving the DDoS service.

However, this might not go far enough. If law enforcement agents were never asked to divulge the target of the DDoS services, it implies that those same agents never offered any details that might put a DDoS provider on alert that the services would be misused against a third party site without its consent.

Reach Out to the Defense Lawyers at Oberheiden P.C.

The federal white collar defense lawyers at the national defense law firm Oberheiden P.C. legally represent defendants who have been accused of computer crimes across the country. Contact them online or call their law office at (888) 680-1745.
