An Illinois man has been sentenced to 13 months behind bars after participating in a DDoS-for-hire scheme which made him over half a million dollars.
Sergiy P. Usatyuk, 21, of Orlando Park, was charged with one count of conspiracy to cause damage to internet-connected computers. He’s said to have owned and managed illegal booter services which were used to launch DDoS attacks on millions of victims in the US and abroad.
As part of the verdict, Usatyuk has been ordered to forfeit $542,925 in proceeds from the scheme, and hand over dozens of servers and other computer equipment used in the operation.
From around August 2015 to November 2017, he’s said to have teamed up with a co-conspirator to run several booter sites including: ExoStress.in; QuezStresser.com; Betabooter.com; Databooter.com; Instabooter.com; Polystress.com and Zstress.net.
As well as the intended targets, some of the attacks also affected other organizations. One Betabooter customer launched DDoS attacks against a school district in Pittsburgh that also impacted 17 organizations that shared the same underlying infrastructure, including other school districts, the county government, career and technology centers and a Catholic Diocese, according to the indictment.
“DDoS-for-hire services pose a malicious threat to the citizens of our district, as well as districts across the country, by impeding critical access to the internet and jeopardizing safety and security in the process,” said US attorney for the Eastern District of North Carolina, Robert Higdon Jr.
“The operation and use of these services to disrupt the operations of our businesses and other institutions cannot be tolerated. Anyone who weaponizes web traffic in this manner will be vigorously pursued and prosecuted by my office.”
Usatyuk and his co-conspirator are said to have made over $550,000 from their DDoS-for-hire services.
Booter or stresser services are a popular way for budding cyber-criminals with little technical know-how to make money from DDoS attacks. One of the most popular, webstresser.org, was taken down by police in 2018 and was responsible for over four million attacks.
Europol recently launched an operation to track down its 150,000 customers.