A US court has sentenced the operator of a massive DDoS service to 13 months in prison.
Sergiy Usatyuk, 21, from Orland Park, IL was handed the term – along with a $542,925 forfeiture order – after pleading guilty earlier this year to one count of conspiracy to cause damage to internet-connected computers. He will also have to serve three years of supervised release, the North Carolina Eastern US District Court ruled.
Usatyuk and an unnamed conspirator from Canada owned and operated a group of “booter” sites that offered for-hire DDoS attacks. Prosecutors said [PDF] that from August 2015 through November 2017 Usatyuk and his partner ran more than a half-dozen different sites all offering “booter” or “stresser” services. Customers would pay the pair to launch sustained floods of traffic at target sites and network, taking them down for days at a time.
“In just the first 13 months of the 27-month long conspiracy, the [booter] users ordered approximately 3,829,812 DDoS attacks,” the court was told.
“As of September 12, 2017, ExoStresser advertised on its website (exostress.in) that its booter service alone had launched 1,367,610 DDoS attacks, and caused targets to suffer 109,186.4 hours of network downtime (-4,549 days).”
Some of the targets of the attacks included video game developers and a Pennsylvania school district. In the latter, collateral damage from the DDoS resulted in the crash of not only the school district’s network but also those of several county offices and the local Catholic Diocese.
Prosecutors say that, when all was said and done, Usatyuk and his partner managed to make north of $550,000 from the attacks.
“DDoS-for-hire services pose a malicious threat to the citizens of our district, as well as districts across the country, by impeding critical access to the internet and jeopardizing safety and security in the process,” said US Attorney Robert Higdon Jr, one of the prosecutors in the case.
“The operation and use of these services to disrupt the operations of our businesses and other institutions cannot be tolerated. Anyone who weaponizes web traffic in this manner will be vigorously pursued and prosecuted by my office.” ®