A website that can be described as "DDoS for hire" is perfectly legitimate, according to the owner. Considering the FBI is secretly monitoring the site's customers through a backdoor, is that the end of the story?
Ragebooter.net is one of many sites that accept payment (through PayPal) to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS reflection to amplify the amount of traffic directed at an address: the attacker spoofs the source IP address of lookup requests so that they appear to come from the target, then bounces them off open domain name system servers, which send their larger responses to the target. This has the potential to amplify a traffic torrent by up to 50 times.
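Seen from the receiving network, the reflection described above shows up as DNS responses that answer no query the host ever sent. The following Python is an added example, not part of the original article; the flow-record format, the sample addresses and the thresholds are constructed assumptions, and it presumes a monitor that sees both directions of traffic at the network edge.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): "src sport dst dport bytes".
# 192.0.2.x are resolvers, 198.51.100.10 is an ordinary client,
# 203.0.113.5 is a host receiving reflected responses.
SAMPLE_FLOWS = """\
198.51.100.10 40001 192.0.2.1 53 64
192.0.2.1 53 198.51.100.10 40001 120
192.0.2.1 53 203.0.113.5 31337 3100
192.0.2.2 53 203.0.113.5 31337 3200
192.0.2.3 53 203.0.113.5 31337 3000
192.0.2.1 53 203.0.113.5 31337 3150
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, size) tuples from the text records."""
    for line in text.splitlines():
        if line.strip():
            src, sport, dst, dport, size = line.split()
            yield src, int(sport), dst, int(dport), int(size)

def find_reflection_targets(flows, min_unsolicited=3, min_resolvers=2):
    """Flag hosts receiving DNS responses that match no query they sent."""
    pending = defaultdict(int)  # (client, resolver, client_port) -> open queries
    stats = defaultdict(lambda: {"responses": 0, "bytes": 0, "resolvers": set()})
    for src, sport, dst, dport, size in flows:
        if dport == 53:                       # query leaving a client
            pending[(src, dst, sport)] += 1
        elif sport == 53:                     # response arriving at a host
            key = (dst, src, dport)
            if pending[key] > 0:
                pending[key] -= 1             # answers a query the host really sent
            else:                             # unsolicited: source was likely spoofed
                s = stats[dst]
                s["responses"] += 1
                s["bytes"] += size
                s["resolvers"].add(src)
    return {
        host: {"responses": s["responses"], "bytes": s["bytes"],
               "resolvers": len(s["resolvers"])}
        for host, s in stats.items()
        if s["responses"] >= min_unsolicited and len(s["resolvers"]) >= min_resolvers
    }

if __name__ == "__main__":
    print(find_reflection_targets(parse_flows(SAMPLE_FLOWS)))
```
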
However, what makes Ragebooter different is the hidden backdoor allegedly used by the Federal Bureau of Investigation, which allows the agency to secretly monitor what customers are up to.
In a recent profile of the DDoS hiring service by KrebsOnSecurity reporter Brian Krebs, the owner of the site is revealed as Tennessee-based Justin Poland. After hunting down the owner through social media and securing an interview, Krebs found the proprietor unapologetic and defensive about the legality of the service. Poland told the reporter:
"Since it is a public service on a public connection to other public servers this is not illegal. Nor is spoofing the sender address. If the root user of the server does not want that used they can simply disable recursive DNS. My service is a legal testing service. How individuals use it is at their own risk and responsibilities.
I do not advertise this service anywhere nor do I entice or encourage illegal usage of the product. How the user uses it is at their own risk. I provide logs to any legal law enforcement and keep logs for up to 7 days."
Poland then revealed that he works with the FBI, which allows the business to stay online in return for full access and the ability to monitor customer activity. The agency also added an IP logger to the backdoor system so it could log user IPs as they access the service.
Krebs recounts that Ragebooter's owner did not stipulate that the conversation was off the record, and threatened to sue if the agency's involvement with the service was shared. When contacted, the FBI's press office could neither confirm nor deny Poland's claims. A spokesman for the Memphis FBI field office commented:
"People come forward all the time and make claims they are working with us, and sometimes it's true and sometimes it’s not. But it wouldn't be prudent for us to confirm that we have individuals helping us or assisting us, either because they're being good citizens or because they're somehow compelled to."
What gives the story another twist, however, is that researchers found that junk traffic floods include the ragebooter.net username. In addition, the site itself was hacked this year and the credentials of users were leaked online.
Ragebooter.net appears to account for more than 400 attacks per day.