Participating in Distributed Denial of Service attacks (DDoS) and DDoS-for-hire services is illegal. The FBI and other law enforcement agencies investigate DDoS attacks as cyber crimes.
What are Booter and Stresser Services?
Booter and stresser services are a form of DDoS-for-hire—advertised in forum communications and available on websites or Dark Web marketplaces—offering malicious actors the ability to attack any Internet-connected target. These services are obtained through a monetary transaction, usually in the form of online payment services or virtual currency. Some criminal actors running booter and stresser services also sell access to DDoS botnets. These DDoS botnets are networks of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.
These services have no legitimate use; they are designed to overwhelm server resources or to exceed bandwidth capacities. Established booter and stresser services offer a convenient means for malicious actors to conduct DDoS attacks by allowing such actors to pay for an existing network of infected devices, rather than creating their own. Booter and stresser services may also obscure attribution of DDoS activity.
Regardless of whether someone launches a DDoS attack using their own command-and-control infrastructure (e.g., a botnet) or hires a booter and stresser service to conduct an attack, their transmission of a program, information, code, or command to a protected computer is illegal and may result in criminal charges.
What are the Consequences of Participating in these Schemes?
The use of booter and stresser services to conduct a DDoS attack is punishable under the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in any one or a combination of the following consequences:
- Seizure of computers and other electronic devices
- Arrest and criminal prosecution
- Significant prison sentence
- Penalty or fine
Where to Report DDoS Attacks
The FBI encourages victims of DDoS attacks to contact their local FBI field office or file a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov, regardless of dollar loss or timing of incident. Field office contacts can be identified at www.fbi.gov/contact-us/field.
How is the FBI Combating the Growing DDoS Threat?
The FBI through its unique authorities, world-class capabilities, and enduring partnerships continues to defend against the cyber threat.
For over a century now, the FBI has been investigating crimes and collecting intelligence to protect the American public. Today, that is just as true in cyberspace. The FBI has adapted to cyber threats by using unique investigative and intelligence capabilities and by recruiting the next generation of the cyber workforce. Learn about FBI careers and how to become part of a global workforce of cyber experts at www.fbijobs.gov.
Partnerships are critical because there is no one government or private sector entity that can address the range of cyber threats we face alone. Learn how businesses and organizations can work with the FBI to get ahead of the threat and make an impact on our cyber adversaries at https://www.fbi.gov/investigate/cyber/partnerships.
- Criminal Charges Filed in Los Angeles and Alaska in Conjunction with Seizures Of 15 Websites Offering DDoS-For-Hire Services
- Justice Department Announces Charges and Guilty Pleas in Three Computer Crime Cases Involving Significant DDoS Attacks
- Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms
- FBI: The Cyber Threat
- FBI: Business and Industry: Partners in Our Cyber Mission
- FBI IC3: Booter and Stresser Services Increase the Scale and Frequency of Distributed Denial of Service Attacks
- CISA: Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
- DOJ: Securing Your “Internet of Things” Devices