Hire DDoS attack service 'legal' and connected to FBI

Summary: A service which boots websites offline for payment is legitimate, says the owner. But why a backdoor monitored by the FBI?

A website that can be described as "DDoS for hire" is perfectly legitimate, according to the owner. Considering the FBI is secretly monitoring the site's customers through a backdoor, is that the end of the story?

Ragebooter.net is one of many sites that accept payment — through PayPal — in order to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS reflection to flood a website and amplify the amount of traffic directed at an address; the attacker is required to spoof the IP address of lookup requests and then bounce them off open domain name system servers. This has the potential to amplify a traffic torrent by up to 50 times.
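Seen from the receiving network, reflected traffic arrives as DNS answers that no local host asked for. The sketch below is an added example, not code from the article or from any party it names; the flow records, the 5-second window and the thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed flow records (documentation address ranges, not captured traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
FLOWS = [
    (0.0, "192.0.2.10", 40001, "198.51.100.53", 53, 60),    # query to own resolver
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40001, 120),   # its matching answer
    (1.0, "203.0.113.7", 53, "192.0.2.10", 31337, 3000),    # answers nobody asked for
    (1.0, "203.0.113.8", 53, "192.0.2.10", 31337, 3100),
    (1.1, "203.0.113.9", 53, "192.0.2.10", 31337, 2900),
    (2.0, "192.0.2.20", 40500, "198.51.100.53", 53, 55),    # second host, normal use
    (2.05, "198.51.100.53", 53, "192.0.2.20", 40500, 110),
    (9.0, "198.51.100.53", 53, "192.0.2.10", 40001, 120),   # duplicate, query already used
]

def unsolicited_dns(flows, window=5.0):
    """Per destination host, summarise DNS answers that match no recent query."""
    pending = {}  # (client_ip, client_port, server_ip) -> time the query was sent
    report = defaultdict(lambda: {"responses": 0, "bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == 53:            # query (also covers server-to-server 53 -> 53)
            pending[(src, sport, dst)] = ts
        elif sport == 53:          # answer: consume the query it belongs to, if any
            asked = pending.pop((dst, dport, src), None)
            if asked is None or ts - asked > window:
                entry = report[dst]
                entry["responses"] += 1
                entry["bytes"] += size
                entry["reflectors"].add(src)
    return dict(report)

def likely_reflection_targets(flows, min_reflectors=3, min_bytes=5000):
    """Hosts hit by unsolicited answers from several resolvers (assumed thresholds)."""
    return sorted(
        host for host, e in unsolicited_dns(flows).items()
        if len(e["reflectors"]) >= min_reflectors and e["bytes"] >= min_bytes
    )
```
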

However, what makes Ragebooter different is the hidden backdoor allegedly used by the Federal Bureau of Investigation, which allows the agency to secretly monitor what customers are up to.

In a recent profile of the DDoS hiring service by KrebsOnSecurity reporter Brian Krebs, the owner of the site is revealed as Tennessee-based Justin Poland. After hunting down the owner through social media and securing an interview, Krebs found the proprietor unapologetic and defensive about the legality of the service. Poland told the reporter:

"Since it is a public service on a public connection to other public servers this is not illegal. Nor is spoofing the sender address. If the root user of the server does not want that used they can simply disable recursive DNS. My service is a legal testing service. How individuals use it is at their own risk and responsibilities.

I do not advertise this service anywhere nor do I entice or encourage illegal usage of the product. How the user uses it is at their own risk. I provide logs to any legal law enforcement and keep logs for up to 7 days."

Poland then revealed that he works with the FBI, which allows the business to stay online in return for full access and the ability to monitor customer activity. The agency also added an IP logger to the backdoor system so it could log user IPs as they access the service.

Krebs recounts that Ragebooter's owner did not stipulate that the conversation was off the record, but threatened to sue if the agency's involvement with the service was shared. When Krebs contacted the FBI's press office, it could neither confirm nor deny Poland's claims. A spokesman for the Memphis FBI field office commented:

"People come forward all the time and make claims they are working with us, and sometimes it's true and sometimes it’s not. But it wouldn't be prudent for us to confirm that we have individuals helping us or assisting us, either because they're being good citizens or because they're somehow compelled to."

What gives the story another twist, however, is that researchers found that junk traffic floods include the ragebooter.net username. In addition, the site itself was hacked this year and the credentials of users were leaked online.

Ragebooter.net appears to account for more than 400 attacks per day.


Talkback

13 comments
  • Say what?!

    You're kidding, right? I mean, I can understand how it might be legal for a security firm to simulate a DDOS attack against a client for testing purposes, but this doesn't sound like that at all. I would certainly hope that any firm openly selling DDOS services would be promptly shut down by the Feds. OTOH, if this "business" is really just an FBI honeypot... well, that would explain why it's still in business.
    dsf3g
    • Name a Statute Being Violated

      Laws do not keep up with technology.
      Laws must be specific or they are not enforceable.
      You cannot charge someone with, "I think that ought to be against the law".
      Patrickgood1
  • Nothing new here

    Law enforcement has a long history of sanctioning "private citizens" to break the law as a way around constitutional restrictions. The Supreme Court in the last 40 years has consistently given its blessing to authorities to do this, even to the point of granting preemptive and unconditional immunity.
    terry flores
    • One thing that irks me about this...

      Our government believes the laws they make do not apply to them. The government protects itself, not the people. It has no problem doing things like DDoS attacks or even trafficking drugs, as long as it serves their agenda. If a citizen is helping them serve their agenda, then they're sanctioned to break the law. They're basically reasoning that it's really only breaking the law, if it doesn't serve their purposes. The rules should apply to everyone equally.
      BillDem
  • Wow

    If I'm not mistaken, there are people who sit behind bars today for these same kinds of attacks, correct? Now it's monetized? If that's not a slap in the face I don't know what is.
    jhnnybgood
  • The most important take away...

    "the attacker is required to spoof the IP address of lookup requests and then bounce them off open domain name system servers."

    Can someone tell me why there would still be an open domain name server on the face of the Earth?
    omb00900@...
    • The article says "open", but this is probably paraphrased ...

      from Poland's comment about bouncing off of recursive servers. Recursion is required for any DNS server that provides end-client resolution (such as an ISP) rather than being authoritative for a set of specific domains.
      dh1760
  • I don't think I buy any of that

    But if DDoS attacks are legal, then Congress has some work to do. And if the FBI is cooperating with this, then its Director has some explaining to do.
    John L. Ries
    • Director Got 'splainin to do?

      Never going to happen. I doubt the FBI is working with this yahoo.

      How much does he charge? Let's have him attack fbi.gov
      Patrickgood1
  • If you look at the site,

    it looks about as legitimate as a Nigerian Prince trying to buy your old MacBook Pro for more than what you originally paid for it.
    Champ_Kind
  • Still illegal

    If this guy is a bot herder and his bot is abusing other people's name servers to reflect the attack it is illegal and he should be shut down.
    Swarley
    • Illegal Under What Statute?

      I liked it much better when you had a problem with someone, you would go to them and beat the crap out of them. DDoS attack, what a pussy way to do things.
      Patrickgood1
  • Just to clarify

    Sorry I didn't see this article until now; I didn't realize the mainstream sites mangled this story so badly.

    What happened here was the kid got nabbed by the FBI for DDoSing. He even gave Krebs his FBI handler's personal phone number! There is literally no better confirmation, since the FBI will *never* confirm or deny something like that, especially since it's an active investigation.

    It's very common for the FBI to catch one of these criminals, then get them to catch all their 'friends' and operate services as a honeypot - in return they don't go to prison for the rest of their life. This is how they took down Lulzsec, for example.
    Kernkraft400