Operation PowerOFF

Seizure message placed on DDoS websites after raid

Operation PowerOFF is an ongoing joint operation by the FBI, EUROPOL, the Dutch National Police Corps, the German Federal Criminal Police Office, Poland Cybercrime Police and the UK National Crime Agency to close "booter/stresser" services offering DDoS attack services for hire. [1] Beginning in 2018, the operation shut down 48 websites offering DDoS services, and six people were arrested in the United States. [2] Multiple companies, including Cloudflare, PayPal, and DigitalOcean, provided information to the FBI to assist in the seizure. [citation needed]

History

In 2018, the FBI closed down 15 DDoS websites with the Dutch National Police Corps. [3] On December 14, 2022, resuming this collaboration, the FBI and Department of Justice announced that they had closed multiple websites offering DDoS-for-hire services. [4] The FBI claimed that these websites offered services designed to slow down websites relating to gaming. [5] The FBI also noted that these services had heavy use, claiming that "Quantum", one of the seized services, was used to launch 50,000 attacks. After the shutdown, multiple law enforcement agencies collaborating with the FBI declared they would place advertisements on search engines, such as Google, that would educate the public on the legality of DDoS services. [6]

Aftermath

Six US citizens were indicted by FBI offices in California and Alaska. Three of the people arrested were from Florida, one from Texas, one from Hawaii, and one from New York. [7] The FBI asks that anyone with tips or information related to the attacks and the seized sites contact its offices. [8]

Ongoing activity

As of November 2024, Operation PowerOFF activities were still ongoing, with further websites being seized and prosecutions continuing. [9] [10]

References

  1. "Federal Prosecutors in Los Angeles and Alaska Charge 6 Defendants with Operating Websites that Offered Computer Attack Services". www.justice.gov. December 14, 2022.
  2. Paganini, Pierluigi (December 15, 2022). "FBI seized 48 domains linked to DDoS-for-Hire service platforms". Security Affairs.
  3. "Criminal Charges Filed in Los Angeles and Alaska in Conjunction with Seizures Of 15 Websites Offering DDoS-For-Hire Services". www.justice.gov. December 20, 2018.
  4. Muncaster, Phil (December 15, 2022). "Feds Hit DDoS-for-Hire Services with 48 Domain Seizures". Infosecurity Magazine.
  5. "Six Charged in Mass Takedown of DDoS-for-Hire Sites – Krebs on Security". 14 December 2022.
  6. "US seizes 48 websites used for DDoS attacks". My Broad Band. Bloomberg. 15 December 2022.
  7. Jessica Lyons (7 December 2022). "Microsoft: (Cyber) winter is coming as DDoS attack disrupts Russian bank". MSN. Retrieved 15 December 2022.
  8. "The FBI and International Law Enforcement Partners Intensify Efforts to Combat Illegal DDoS Attacks". Federal Bureau of Investigation.
  9. Muncaster, Phil (2023-05-09). "Operation Power Off: 13 More Booter Sites Seized". Infosecurity Magazine. Retrieved 2023-05-12.
  10. Zurier, Steve (December 12, 2024). "Law enforcement takes down 'DDoS-for-Hire' sites in Operation PowerOFF". SC Media.