Malware-as-a-Service Provider Gets Caught

9597084491?profile=RESIZE_400xAn Illinois man was found guilty on 16 September 2021 by a US federal court jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the Internet.

A 32 man from St. Charles, Illinois, was found guilty of three felonies: one count of conspiracy to commit unauthorized impairment of a protected computer, one count of conspiracy to commit wire fraud, and one count of unauthorized impairment of a protected computer.

According to evidence presented at his nine-day trial, he owned and operated two DDoS facilitation websites: DownThem.org and AmpNode.com.  DownThem sold subscriptions allowing customers to launch DDoS attacks while AmpNode provided “bulletproof” server hosting to customers with an emphasis on “spoofing” servers that could be pre-configured with DDoS attack scripts and lists of vulnerable “attack amplifiers” used to launch simultaneous cyberattacks on victims.

Records from the DownThem service revealed more than 2,000 registered users and more than 200,000 launched attacks, including attacks on homes, schools, universities, municipal and local government websites, and financial institutions worldwide.  This is often called a “booting” service, DownThem itself relied upon powerful servers associated with his AmpNode bulletproof hosting service.  Many AmpNode customers were themselves operating for-profit DDoS services.

The hacker offered expert advice to customers of both services, providing guidance on the best attack methods to “down” different types of computers, specific hosting providers, or to bypass DDoS protection services.  He himself often used the DownThem service to demonstrate to prospective customers the power and effectiveness of products, by attacking the customers intended victim and providing proof, via screenshot, that he had severed the victim’s internet connection.[1]

The DownThem customers could select from a variety of different paid “subscription plans.”  The subscription plans varied in cost and offered escalating attack capability, allowing customers to select different attack durations and relative attack power, as well as the ability to launch several simultaneous, or “concurrent” attacks.  Once a customer entered the information necessary to launch an attack on their victim, his system was set up to use one or more of his own dedicated AmpNode attack servers to unlawfully appropriate the resources of hundreds or thousands of other servers connected to the internet in what are called “reflected amplification attacks.”

Sentencing is set for 27 January of next year, 2022.  He faces face a statutory maximum sentence of 35 years in federal prison.

A co-defendant from Pasadena, IL pleaded guilty on 26 August on one count of unauthorized impairment of a protected computer.  He was originally a customer, then a co-administrator of the site in 2018.  This person will face a statutory maximum sentence of 10 years in federal prison at his sentencing hearing, which is scheduled for 2 December 2021.

Some say that crime pays.  In this case, crime resulted in 10-30 years in US federal prison.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516

 

[1] https://www.justice.gov/usao-cdca/pr/illinois-man-convicted-federal-criminal-charges-operating-subscription-based-computer

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!