Sergiy Usatyuk admits one count of conspiracy to cause damage to internet-connected computers

A man has pleaded guilty to conspiracy to commit computer abuse for his role in websites selling distributed denial-of-service (DDoS) attacks.

The US Department of Justice (DoJ) yesterday named 20-year-old Sergiy P Usatyuk as the co-conspirator in a campaign to conduct cyber-attacks on behalf of paying customers.

Usatyuk, from Orland Park, Illinois, pleaded guilty to one count of conspiracy to cause damage to internet-connected computers for his role in “owning, administering, and supporting illegal booter services that launched millions of DDoS attacks in the US and elsewhere”.

He conspired with an unnamed individual, the court heard, to control a number of websites including ‘ExoStresser’, ‘Beatbooter’, and ‘Zstress’, which offered DDoS services to paying customers between August 2015 and November 2017.

They reportedly earned more than $550,000 from subscriber fees and by selling advertising on the websites.

The DoJ reported that as of September 12, 2017, ExoStresser’s booter service alone had launched more than 1.3 million DDoS attacks and downed targeted systems for a total of 109,000 hours.

These targeted DDoS attacks knocked websites offline, caused slow or interrupted network speeds, and disturbed normal business operations for a number of victims including a school district in Pittsburg, Pennsylvania.

The campaigns also created unintentional victims. The assault on the Pittsburg school district affected 17 organizations that share the same infrastructure, including a local Catholic Diocese.

“For over two years, Sergiy Usatyuk conspired to launch millions of DDoS attacks that paralyzed the computer systems of US organizations for more than 100,000 hours,” said assistant attorney general, Brian Benczkowski.

“The Criminal Division and our law enforcement partners will remain vigilant in protecting the American public by prosecuting the cybercriminals responsible for these sophisticated and harmful schemes.”

US attorney Robert Higdon added: “DDoS-for-hire services pose a malicious threat to the citizens of our district, as well as districts across the country, by impeding critical access to the internet and jeopardizing safety and security in the process.

“The operation and use of these services to disrupt the operations of our businesses and other institutions cannot be tolerated. Anyone who weaponizes web traffic in this manner will be vigorously pursued and prosecuted by my office.”

This latest conviction comes as law enforcement worldwide continues its mission to take down DDoS-for-hire websites.

Operation Power OFF is a coordinated effort by Europol and law enforcement in the Netherlands, the UK, Serbia, Croatia, Spain, Italy, Germany, Australia, Hong Kong, Canada, and the US.

Last year, the campaign saw the takedown of what was believed to be the world’s biggest marketplace for DDoS-for-hire, Webstresser.org.

Bespoke tools for malicious online activity were reportedly being sold for as low as €15 ($18) per month, allowing for four million attacks on banks, government, law enforcement, and the gaming industry, from October 2017 to April 2018.