U.S. Authorities Seize 13 Domains Offering Criminal DDoS-for-Hire Services


May 09, 2023 | Ravie Lakshmanan | Cyber Crime / DDoS Attack

U.S. authorities have announced the seizure of 13 internet domains that offered DDoS-for-hire services to other criminal actors.

The takedown is part of an ongoing international initiative dubbed Operation PowerOFF that’s aimed at dismantling criminal DDoS-for-hire infrastructures worldwide.

The development comes almost five months after a “sweep” in December 2022 dismantled 48 similar services for abetting paying users in launching distributed denial-of-service (DDoS) attacks against targets of interest.

These targets include school districts, universities, financial institutions, and government websites, according to the U.S. Department of Justice (DoJ).

Ten of the 13 illicit domains seized are “reincarnations” of booter or stresser services that were previously shuttered towards the end of last year.


“In recent years, booter services have continued to proliferate, as they offer a low barrier to entry for users looking to engage in cybercriminal activity,” DoJ said in a press release on Monday.

“In addition to harming victims by disrupting or degrading access to the internet, attacks from booter services can also completely sever internet connections for other customers served by the same internet service provider via a shared connection point.”

Parallel to the domain seizures, the DoJ also said that four of the six individuals who were charged in December 2022 in connection with operating the services have pleaded guilty.

The defendants – Jeremiah Sam Evans Miller, 23, of San Antonio, Texas; Angel Manuel Colon Jr., 37, of Belleview, Florida; Shamar Shattock, 19, of Margate, Florida; and Cory Anthony Palmer, 23, of Lauderhill, Florida – are expected to be sentenced later this year.

Try2Check Card-Checking Service Goes Down

The announcement comes days after the disruption, following a decade-long investigation, of Try2Check (aka Try2Services), an illegal online platform that enabled threat actors to check the status of stolen credit card numbers in their possession and determine if they were valid and active.

The DoJ also charged a 43-year-old Russian national, Denis Gennadievich Kulkov, for his role in creating and turning the service into a “primary tool of the illicit credit card trade,” with the State Department offering a $10 million reward for information leading to his arrest.

The department is further extending a separate bounty of up to $1 million for any specifics that will help to identify other key leaders of the Try2Check cybercrime group.


The fraudulent platform, per the indictment, allegedly misused the systems of a prominent U.S.-based payment processing firm to perform the card checks by exploiting its preauthorization service. The name of the company was not disclosed.

Try2Check, which launched in 2005, is estimated to have processed tens of millions of credit card checks every year and facilitated the operations of several major card shops like Joker’s Stash that specialized in bulk trafficking of stolen credit cards. As of February 2022, a single card check cost $0.20.

“Through the illegal operation of his websites, the defendant made at least $18 million in bitcoin (as well as an unknown amount through other payment systems), which he used to purchase a Ferrari, among other luxury items,” the DoJ noted.

The indictment against Kulkov also arrives weeks after Denis Mihaqlovic Dubnikov, who pleaded guilty to charges of money laundering for the Ryuk ransomware gang earlier this year, was sentenced to time served and ordered to forfeit $2,000 in illegal profits.
