Advertisement

20-year-old pleads guilty to DDoS-for-hire scheme that netted $550,000

Sergiy Usatyuk and a co-conspirator enabled attackers to use only a web browser to launch a DDoS attack capable of knocking target sites offline.
Getty Images

A 20-year-old Illinois man pleaded guilty to charges related to a scheme to launch millions of distributed denial-of-service attacks against U.S. school districts and other targets, the U.S. Department of Justice announced Wednesday.

Sergiy Usatyuk and a co-conspirator gained more than $550,000 by charging subscribers for access to booter and stresser services, which typically enable attackers, using only a web browser, to launch a DDoS attack capable of knocking target sites offline. Usatyuk was involved with booter and stresser services including ExoStresser, QuezStresser, BetaBooter Databooter, Instabooter, Polystress and Zstress.

The Exostresser services alone facilitated 1,367,610 DDoS attacks which caused victims to suffer 109,186 hours of downtime, the DOJ said Wednesday.

In one case in 2017, a Betabooter user launched a number of DDoS attackers against a Pittsburgh, Pennsylvania, school district that also affected 17 other organization, including the county government, prosecutors said.

Advertisement

Usatyuk was active from around August 2015 to November 2017.

“DDoS-for-hire services pose a malicious threat to the citizens of our district, as well as districts across the country, by impeding critical access to the internet and jeopardizing safety and security in the process,” said U.S. Attorney Robert Higdon Jr. in the Justice Department’s announcement. “The operation and use of these services to disrupt the operations of our businesses and other institutions cannot be tolerated.”

The announcement only is the latest example of U.S. authorities taking action against accused DDoS operators. Prosecutors in California earlier this month unsealed charges against two men accused of launching DDoS attacks against school districts and Los Angeles International Airport while threatening physical violence as part of the alleged criminal activities.

In December, the Justice Department announced that officials had seized 15 domains that made it possible for web users to launch DDoS attacks against online video game services during the holiday season.

Latest Podcasts