Slashdot Mirror


FBI Shuts Down 15 DDoS-For-Hire Sites (techcrunch.com)

The FBI has shut down the domains of 15 high-profile distributed denial-of-service (DDoS) websites. "Several seizure warrants granted by a California federal judge went into effect Thursday, removing several of these 'booter' or 'stresser' sites off the internet 'as part of coordinated law enforcement action taken against illegal DDoS-for-hire services,'" reports TechCrunch. "The orders were granted under federal seizure laws, and the domains were replaced with a federal notice." From the report: Prosecutors have charged three men, Matthew Gatrel and Juan Martinez in California and David Bukoski in Alaska, with operating the sites, according to affidavits filed in three U.S. federal courts, which were unsealed Thursday. The FBI had assistance from the U.K.'s National Crime Agency and the Dutch national police, and the Justice Department named several companies, including Cloudflare, Flashpoint and Google, for providing authorities with additional assistance. In all, several sites were knocked offline -- among them downthem.org, netstress.org, quantumstress.net, vbooter.org and defcon.pro -- which allowed would-be attackers to sign up to rent time and servers to launch large-scale bandwidth attacks against systems and servers.

4 of 49 comments

  1. Cool something besides politics by Seven+Spirals · Score: 2, Insightful

    Jesus thank you FBI for giving us ONE FUCKING STORY that didn't bring in some more dipshit partisans.

    1. Re:Cool something besides politics by ShanghaiBill · Score: 3, Interesting

      I have also had direct dealings with the FBI's Computer Crime Lab. The team leader had a degree in history, and his subordinates were even more clueless than he was. The only way they could have done this is if the three named companies that provided them "additional assistance" handed them all the evidence on a silver platter. Even then, it is a miracle that they didn't screw it up.

      The FBI prides itself on its "special agents" being able to "do it all" without any actually being "special". But, at least with tech crimes, that clearly isn't working.

    2. Re:Cool something besides politics by Seven+Spirals · Score: 2

      Well, my original post was a bit tongue in cheek. However, I had one experience that validates your main assertion. I did a contract job about 15 years ago for a company that had a severe internal IT vandalism incident (a "hack," as journalists would say). This guy was really, really wanting prison. He used the corporate VPN and didn't make tremendous efforts to hide his tracks (they made him really mad, I heard). The company apparently used an Excel spreadsheet to keep their passwords in. They were like "but we encrypted it!" (referring to some kind of M$ password lock on the file; *shrug* I don't know Excel), which made me giggle inside. Anyhow, Joe Hacker was a sysadmin and from what I can tell a real firecracker of a person, mixed with the fact that this company was run by some puffed-up business weasel jerks, which made for an explosive mix.

      The guy destroyed their print servers, destroyed a few file servers (mainly ones with "fun" files on them like MP3s), destroyed their fax servers, and erased their sales databases and leads. Then he moved on to worse things. He backdoored their software repos for devs with all kinds of nasty code and then erased version logs to cover his tracks so they didn't know who wrote what code. He put tons of malware and viruses on the file servers he didn't destroy and named it innocent things like "customer_data.xls.exe", which some fell for. He poison-pilled their NetBackup infrastructure and manually swapped row data in the Sybase database it uses to mix up media IDs, so they basically lost their backups. He put at least 20 backdoors in routers, servers, workstations and test machines (stuff like Sub7, and then ACLs in the router that allowed traffic from everywhere to their crown jewels, and even NAT'd some to obscure the source addresses). He land-mined their WSUS and JumpStart servers with malicious post-install scripts. He physically stole/swapped some of their Decru keycards for their PKI infrastructure, so they lost most of their security logs and encrypted tapes. Then, as he was getting fired, he put some scripts or some kind of final trigger in place that brought down their SONET networking gear for about 30 hours. Took like three Cisco CCIEs working continuously to fix that. Man, I'm just scratching the surface, too.

      This guy just unleashed hell on this company AND he did a great deal of it across state lines. We recovered some VPN logs that were pretty much smoking-gun correlation to other security event data. It took me about two months to unravel the stuff he did. If he wasn't so malicious, I'd actually have some respect for his criminal ass because of how devilish some of the shit he did was (i.e., setting Solaris initdefault to 6: "Why do these boxes keep rebooting!?"). So, we gathered ALL this evidence along with some local law enforcement. The company tried to get the FBI involved and so did the local detectives. The Feds sent out one bunghole non-IT guy who basically shrugged it all off and walked away. Then, after that point, they were pretty much disconnected and checked out, not interested in it. So, I gotta wonder how much firepower they really have and when they'd bring it to bear. It's a one-off anecdote and thus probably doesn't mean shit. However, it does make me wonder. The guy did go down for some shit and did a small amount of time, but he was lucky as hell a jury never saw the evidence I gathered.
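The "VPN logs as smoking-gun correlation" step in the comment above is the kind of thing an incident responder scripts early: tie events that are only keyed by an internal source IP back to the named VPN user who held that tunnel address at that moment. The following is an added example and not code from the post, the company, or any VPN product; the log formats, hostnames, usernames and addresses are invented for illustration, and it assumes the VPN concentrator logs session open/close with the assigned tunnel IP while the hosts log only the source IP. The example also handles the edge case the anecdote makes important: the same tunnel address being re-issued to a different user later, which a naive IP-to-user lookup would misattribute.

```python
"""Attribute IP-keyed security events to VPN users by session time window.

Added example, not from the original thread. The two log formats below are
constructed for illustration; real concentrator and syslog feeds differ.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed VPN concentrator log: session open/close with assigned tunnel IP.
# Note 10.8.0.23 is first given to jhacker and later re-issued to bob.
VPN_LOG = """\
2004-03-01T22:01:10 vpn1 session-open user=jhacker assigned=10.8.0.23 remote=203.0.113.7
2004-03-01T22:05:42 vpn1 session-open user=alice assigned=10.8.0.24 remote=198.51.100.9
2004-03-01T23:40:00 vpn1 session-close user=alice assigned=10.8.0.24
2004-03-02T02:15:33 vpn1 session-close user=jhacker assigned=10.8.0.23
2004-03-02T08:00:01 vpn1 session-open user=bob assigned=10.8.0.23 remote=192.0.2.44
"""

# Constructed host/security events that carry only a source IP, no username.
EVENT_LOG = """\
2004-03-01T22:30:05 fileserv1 src=10.8.0.23 action=delete path=/srv/share/mp3
2004-03-01T22:45:11 router1 src=10.8.0.23 action=config-change detail=acl-permit-any
2004-03-01T23:10:00 fileserv2 src=10.8.0.24 action=read path=/srv/share/report.doc
2004-03-02T08:30:00 fileserv1 src=10.8.0.23 action=read path=/srv/share/customer_data.xls.exe
2004-03-02T09:00:00 fileserv1 src=10.8.0.99 action=delete path=/srv/share/backups
"""

# Actions we treat as destructive when summarising per user (assumption).
DESTRUCTIVE = {"delete", "config-change"}


@dataclass
class Session:
    user: str
    ip: str
    start: datetime
    end: Optional[datetime]  # None: still open at the end of the log


@dataclass
class Attributed:
    ts: datetime
    host: str
    src: str
    action: str
    detail: str
    user: Optional[str]  # None: no VPN session covered this IP at this time


def _split(line: str):
    """Return (timestamp, host, key=value dict) for one log line."""
    ts, host, rest = line.split(None, 2)
    return datetime.fromisoformat(ts), host, dict(re.findall(r"(\w+)=(\S+)", rest))


def parse_sessions(text: str) -> list:
    """Pair session-open/close lines into Session windows keyed by (user, ip)."""
    open_sessions = {}
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _host, kv = _split(line)
        kind = line.split()[2]
        key = (kv["user"], kv["assigned"])
        if kind == "session-open":
            open_sessions[key] = ts
        elif kind == "session-close":
            start = open_sessions.pop(key, None)
            if start is None:
                continue  # close without a matching open: log gap, skip
            sessions.append(Session(key[0], key[1], start, ts))
    # Sessions never closed within the log stay open-ended.
    for (user, ip), start in open_sessions.items():
        sessions.append(Session(user, ip, start, None))
    return sessions


def _owner(sessions, ip: str, ts: datetime) -> Optional[str]:
    """Find the user whose session held this tunnel IP at time ts."""
    for s in sessions:
        if s.ip == ip and s.start <= ts and (s.end is None or ts <= s.end):
            return s.user
    return None


def attribute_events(vpn_text: str, event_text: str) -> list:
    """Join each IP-keyed event to the VPN user active on that IP at that time."""
    sessions = parse_sessions(vpn_text)
    rows = []
    for line in event_text.splitlines():
        if not line.strip():
            continue
        ts, host, kv = _split(line)
        detail = kv.get("path") or kv.get("detail", "")
        rows.append(Attributed(ts, host, kv["src"], kv["action"], detail,
                               _owner(sessions, kv["src"], ts)))
    return rows


def destructive_by_user(rows) -> dict:
    """Count destructive actions per attributed user (None = unattributed)."""
    counts = {}
    for r in rows:
        if r.action in DESTRUCTIVE:
            counts[r.user] = counts.get(r.user, 0) + 1
    return counts


if __name__ == "__main__":
    for r in attribute_events(VPN_LOG, EVENT_LOG):
        print(f"{r.ts.isoformat()} {r.host:10} {r.src:10} {r.action:14} "
              f"{r.detail:40} -> {r.user or 'UNATTRIBUTED'}")
    print(destructive_by_user(attribute_events(VPN_LOG, EVENT_LOG)))
```

Two things worth noting in the output: the 08:30 read of `customer_data.xls.exe` lands on bob, not jhacker, because jhacker's session closed at 02:15 and the address was re-issued, and the 09:00 delete from 10.8.0.99 stays unattributed because no session covered that address. In a real engagement the unattributed bucket is where you look next (clock skew between the concentrator and the hosts, a gap in the VPN log, or a path that never went through the VPN at all), and clocks should be normalised to UTC before joining.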

  2. Re:Now if they could just take down "Lisa" by ShanghaiBill · Score: 2

    Don't answer calls from people you don't know.

    Many of us rely on our phones for business. I get calls almost every day from clients and prospective clients. If I don't take the call, I starve.

    I have an iPhone. Almost all spam calls say "Scam Likely" in the name field. If Apple can identify scammers, why can't the phone company, or the FBI?