Our Pledge To You

Crime

St. Charles man among 3 facing charges for running cyberattack-on-demand sites

hands type on a computer keyboard

A St. Charles is among three people facing federal charges related to DDoS-for-hire services offered online. | AP file photo

Federal authorities seized 15 internet domains this week and announced charges against a west suburban man and two other people accused of running websites offering cyberattack-for-hire services.

The domains that were seized offered “booter” or “stresser” services, which allow paying customers to launch distributed denial-of-service attacks (DDoS) that flood targeted computers with information and prevent them from accessing the internet, according to a statement from the U.S. Department of Justice.

On Wednesday, the FBI Cyber Division carried out search warrants issued by the U.S. District Court for the Central District of California, seizing 15 “booter” domains that “represent some of the world’s leading DDoS-for-hire services,” including critical-boot.com, ragebooter.com, downthem.org and quantumstress.net. “Booter” sites allegedly cause attacks on a wide range of victims, including financial institutions, universities, internet service providers, government systems and gaming platforms, according to the Justice Department.

An accompanying affidavit claimed the services offered “easy access to attack infrastructure” and included payment options for bitcoin, according to the DOJ. After conducting tests, the FBI found that the “relatively low cost” services “can and have caused disruptions of networks of all levels.”

Matthew Gatrel, 30, of St. Charles, and Juan Martinez, 25, of Pasadena, Calif., were arrested Wednesday in connection with the seizures, the DOJ said. They were each charged with conspiring to violate the Computer Fraud and Abuse Act through a pair of websites they maintained.

A criminal complaint noted that one of the sites, Downthem, offered subscribers targeted DDoS attacks against other internet users, the Justice Department said. The other site, Ampnode, offered resources to “facilitate the creation of standalone DDoS services.”

Between October 2014 and November, Downthem’s database showed more than 2,000 customer subscriptions, the DOJ said. During that time, the site was used to conduct — or attempt to conduct — more than 200,000 DDoS attacks.

On Dec. 12, the U.S. Attorney’s office for the District of Alaska charged 23-year-old David Bukoski with aiding and abetting computer intrusions, according to the Justice Department.

Bukoski, of Hanover Township, Pa., allegedly ran Quantum Stresser, “one of the longest-running DDoS services in operation,” the DOJ said. As of Nov. 29, the website had over 80,000 subscribers dating back to its launch in 2012. This year alone, the site was used to launch more than 50,000 actual or attempted DDoS attacks around the world, including in Alaska and California.