Threat actors are, for all intents and purposes, clever individuals. They have sharp minds and always try to stay a step ahead when it comes to covering their tracks before authorities and investigators complete the puzzle. Unfortunately for some of them, they have not yet mastered the art of the cover-up, and the digital footprints they leave behind sooner or later allow authorities to catch them for good.
This is what happened with Sergiy Getrovich Usatyuk, also known under the aliases GIFTEDPV.P, GIFTEDPVP, Andy Quez, Andrew Quez, Andy and Sergio Usatyuk. The 20-year-old resident of Chicago, Illinois, pleaded guilty to running 8 DDoS campaigns under the domain names Zstress.net, Databooster.com, ExoStress.in, QuezStresser.com, Decafestresser and Betabooster, with additional firepower provided by a botnet he also helped create. He initially launched his campaigns using publicly rented servers.
“In just the first 13 months of the 27-month long conspiracy, the Subject Booters’ users ordered approximately 3,829,812 DDoS attacks. As of September 12, 2017, ExoStresser advertised on its website (exostress.in) that its booter service alone had launched 1,367,610 DDoS attacks, and caused targets to suffer 109,186.4 hours of network downtime (4,549 days),” the court record said.
Usatyuk was caught through his own negligence: his home IP address had been used in attempts to log in to the cloud servers, which investigators discovered during the digital forensic investigation. The IP addresses he used in Darien, Illinois and Hollywood, Florida were verified as his by the investigators, which raised strong suspicion about his Internet activities. With the IP address in hand, authorities were able to identify the hosting provider, along with the chat logs and technical-support correspondence between him and his ‘customers’ in this illegal DDoS business.
“For over two years, Sergiy Usatyuk conspired to launch millions of DDoS attacks that paralyzed the computer systems of U.S. organizations for more than 100,000 hours. The Criminal Division and our law enforcement partners will remain vigilant in protecting the American public by prosecuting the cybercriminals responsible for these sophisticated and harmful schemes,” emphasized Assistant Attorney General Benczkowski.
The surveillance leading to the arrest of Usatyuk was not easy; it started 3 years ago, in 2016. Of all his services, ExoStresser was one of the most successful, as his customers could easily launch DDoS attacks against a target of their own choosing, including DDoS attacks against a school by one of its own students, who was his customer.
“The Subject Booters’ DDoS attacks also harmed computer systems that were not directly targeted. For example, in November 2016, a Betabooter subscriber launched a series of DDoS attacks against a school district in the Pittsburgh, Pennsylvania area that not only disrupted the school district’s computer systems, but affected the computer systems of seventeen organizations that shared the same computer infrastructure, including other school districts, the county government, the county’s career and technology centers and a Catholic Diocese in the area,” the court record explained.
DDoS-for-hire businesses are not new in the field of cybersecurity, but they are not common either. The people behind them use botnets to hide from forensics; however, the human mistakes of those same people can one way or another blow their cover. “DDoS-for-hire services pose a malicious threat to the citizens of our district, as well as districts across the country, by impeding critical access to the internet and jeopardizing safety and security in the process. The operation and use of these services to disrupt the operations of our businesses and other institutions cannot be tolerated. Anyone who weaponizes web traffic in this manner will be vigorously pursued and prosecuted by my office,” concluded U.S. Attorney Higdon.