Hacker pleads guilty to operating for-hire DDoS sites

Police agencies found the hacker after he used the IP of his address to access his platforms

According to network security and ethical hacking specialists from the International Institute of Cyber Security, a U.S. citizen has pleaded guilty to administering eight different online platforms that provided stresser services to deploy Denial of Service (DDoS) attacks between 2015 and 2017.

According to the legal documents related to this process, Sergiy Usatyuk (20 years old), from Orland Park, Illinois, managed the following sites QuezStresser.com, ExoStress.in, Betabooter.com, Instabooter.com, Databooter.com, Polystress.com, Zstress.net and Decafestresser, in complicity with a Canadian citizen whose name has not yet been revealed. 

According to network security specialists, Usatyuk ran these cyberattack services through a botnet composed of at least 30 large capacity servers. Usatyuk and his accomplice rented these servers from a cloud service company.

The investigation mentions that the defendant announced his DDoS services through HackForums.net, a popular hacking forum, using the pseudonym of ‘Andy’. In his ads, Usatyuk assured that “anyone can hire our DDoS service, regardless of the IP that decides to attack.” The hacking forum administrators decided to eliminate the ads of these services a couple of years ago. 

The court documents add that, in total, 3,829,812 DDoS attacks were launched from the sites operated by Usatyuk, causing hundreds of thousands of service shutdowns. The U.S. authorities confiscated 10.47 Bitcoin (about $540k USD) that were on the defendant’s account at the time of his arrest.

Network security experts mention that the authorities managed to find Usatyuk after the detainee now entered one of their servers in the cloud using the IP address linked to their previous Illinois address. In addition, the defendant accessed another of his servers from the IP of his current domicile in Florida.

Thanks to this information the authorities tracked Usatyuk’s server network, they could even track a hosting company called OkServers LLC, which Usatyuk used what supplier of bulletproof hosting, ignoring reports of traffic abuse generated by the DDoS services.

The authorities also gained access to Usatyuk’s online chat logs, from where he provided technical assistance to the clients of his DDoS services and managed the sites along with his accomplice.

Even the PayPal payment system detected the suspicious activity of Usatyuk, so the service decided to delete the ExoStresser account in 2016, so the hacker registered a domain intermediated to receive payment for their DDoS services.