The FBI and International Law Enforcement Partners Intensify Efforts to Combat Illegal DDoS Attacks — FBI
The FBI and International Law Enforcement Partners Intensify Efforts to Combat Illegal DDoS Attacks
Participating in Distributed Denial of Service attacks (DDoS) and DDoS-for-hire services is illegal. The FBI and other law enforcement agencies investigate DDoS attacks as cyber crimes.
What are Booter and Stresser Services?
Booter and stresser services are a form of DDoS-for-hire—advertised in forum communications and available on websites or Dark Web marketplaces—offering malicious actors the ability to attack any Internet-connected target. These services are obtained through a monetary transaction, usually in the form of online payment services or virtual currency. Some criminal actors running booter and stresser services also sell access to DDoS botnets. These DDoS botnets are networks of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.
These services have no legitimate use; they are designed to overwhelm server resources or to exceed bandwidth capacities. Established booter and stresser services offer a convenient means for malicious actors to conduct DDoS attacks by allowing such actors to pay for an existing network of infected devices, rather than creating their own. Booter and stresser services may also obscure attribution of DDoS activity.
Regardless of whether someone launches a DDoS attack using their own command-and-control infrastructure (e.g., a botnet) or hires a booter and stresser service to conduct an attack, their transmission of a program, information, code, or command to a protected computer is illegal and may result in criminal charges.
A Distributed Denial of Service (DDoS) attack awareness graphic for an initiative put forth by FBI Anchorage.
What are the Consequences of Participating in these Schemes?
The use of booter and stresser services to conduct a DDoS attack is punishable under the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in any one or a combination of the following consequences:
Seizure of computers and other electronic devices
Arrest and criminal prosecution
Significant prison sentence
Penalty or fine
Where to Report DDoS Attacks
The FBI encourages victims of DDoS attacks to contact their local FBI field office or file a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov, regardless of dollar loss or timing of incident. Field office contacts can be identified at www.fbi.gov/contact-us/field.
How is the FBI Combating the Growing DDoS Threat?
The FBI through its unique authorities, world-class capabilities, and enduring partnerships continues to defend against the cyber threat.
For over a century now, the FBI has been investigating crimes and collecting intelligence to protect the American public. Today, that is just as true in cyberspace. The FBI has adapted to cyber threats by using unique investigative and intelligence capabilities and by recruiting the next generation of the cyber workforce. Learn about FBI careers and how to become part of a global workforce of cyber experts at www.fbijobs.gov.
Partnerships are critical because there is no one government or private sector entity that can address the range of cyber threats we face alone. Learn how businesses and organizations can work with the FBI to get ahead of the threat and make an impact on our cyber adversaries at https://www.fbi.gov/investigate/cyber/partnerships.
Press Releases
Criminal Charges Filed in Los Angeles and Alaska in Conjunction with Seizures Of 15 Websites Offering DDoS-For-Hire Services
Justice Department Announces Charges and Guilty Pleas in Three Computer Crime Cases Involving Significant DDoS Attacks
Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms
Resources
FBI: The Cyber Threat
FBI: Business and Industry: Partners in Our Cyber Mission
FBI IC3: Booter and Stresser Services Increase the Scale and Frequency of Distributed Denial of Service Attacks
CISA: Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
DOJ: Securing Your “Internet of Things” Devices
Participating in Distributed Denial of Service attacks (DDoS) and DDoS-for-hire services is illegal. The FBI and other law enforcement agencies investigate DDoS attacks as cyber crimes.
What are Booter and Stresser Services?
Booter and stresser services are a form of DDoS-for-hire—advertised in forum communications and available on websites or Dark Web marketplaces—offering malicious actors the ability to attack any Internet-connected target. These services are obtained through a monetary transaction, usually in the form of online payment services or virtual currency. Some criminal actors running booter and stresser services also sell access to DDoS botnets. These DDoS botnets are networks of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.
These services have no legitimate use; they are designed to overwhelm server resources or to exceed bandwidth capacities. Established booter and stresser services offer a convenient means for malicious actors to conduct DDoS attacks by allowing such actors to pay for an existing network of infected devices, rather than creating their own. Booter and stresser services may also obscure attribution of DDoS activity.
Regardless of whether someone launches a DDoS attack using their own command-and-control infrastructure (e.g., a botnet) or hires a booter and stresser service to conduct an attack, their transmission of a program, information, code, or command to a protected computer is illegal and may result in criminal charges.
A Distributed Denial of Service (DDoS) attack awareness graphic for an initiative put forth by FBI Anchorage.
What are the Consequences of Participating in these Schemes?
The use of booter and stresser services to conduct a DDoS attack is punishable under the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in any one or a combination of the following consequences:
Seizure of computers and other electronic devices
Arrest and criminal prosecution
Significant prison sentence
Penalty or fine
Where to Report DDoS Attacks
The FBI encourages victims of DDoS attacks to contact their local FBI field office or file a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov, regardless of dollar loss or timing of incident. Field office contacts can be identified at www.fbi.gov/contact-us/field.
How is the FBI Combating the Growing DDoS Threat?
The FBI through its unique authorities, world-class capabilities, and enduring partnerships continues to defend against the cyber threat.
For over a century now, the FBI has been investigating crimes and collecting intelligence to protect the American public. Today, that is just as true in cyberspace. The FBI has adapted to cyber threats by using unique investigative and intelligence capabilities and by recruiting the next generation of the cyber workforce. Learn about FBI careers and how to become part of a global workforce of cyber experts at www.fbijobs.gov.
Partnerships are critical because there is no one government or private sector entity that can address the range of cyber threats we face alone. Learn how businesses and organizations can work with the FBI to get ahead of the threat and make an impact on our cyber adversaries at https://www.fbi.gov/investigate/cyber/partnerships.
Press Releases
Criminal Charges Filed in Los Angeles and Alaska in Conjunction with Seizures Of 15 Websites Offering DDoS-For-Hire Services
Justice Department Announces Charges and Guilty Pleas in Three Computer Crime Cases Involving Significant DDoS Attacks
Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms
Resources
FBI: The Cyber Threat
FBI: Business and Industry: Partners in Our Cyber Mission
FBI IC3: Booter and Stresser Services Increase the Scale and Frequency of Distributed Denial of Service Attacks
CISA: Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
DOJ: Securing Your “Internet of Things” Devices