Hacker pleads guilty to operating for-hire DDoS sites

Police agencies found the hacker after he accessed his platforms from IP addresses linked to his home addresses

According to network security and ethical hacking specialists from the International Institute of Cyber Security, a U.S. citizen has pleaded guilty to administering eight different online platforms that provided stresser services used to launch Distributed Denial of Service (DDoS) attacks between 2015 and 2017.

According to the legal documents in this case, Sergiy Usatyuk (20 years old), from Orland Park, Illinois, managed the following sites: QuezStresser.com, ExoStress.in, Betabooter.com, Instabooter.com, Databooter.com, Polystress.com, Zstress.net and Decafestresser, in complicity with a Canadian citizen whose name has not yet been revealed.

According to network security specialists, Usatyuk ran these cyberattack services through a botnet composed of at least 30 large capacity servers. Usatyuk and his accomplice rented these servers from a cloud service company.

The investigation mentions that the defendant advertised his DDoS services on HackForums.net, a popular hacking forum, using the pseudonym ‘Andy’. In his ads, Usatyuk claimed that “anyone can hire our DDoS service, regardless of the IP that decides to attack.” The forum's administrators decided to remove the ads for these services a couple of years ago.

The court documents add that, in total, 3,829,812 DDoS attacks were launched from the sites operated by Usatyuk, causing hundreds of thousands of service shutdowns. The U.S. authorities confiscated 10.47 Bitcoin (about $540k USD) that were in the defendant’s account at the time of his arrest.

Network security experts mention that the authorities managed to find Usatyuk after he logged in to one of his cloud servers from the IP address linked to his previous address in Illinois. In addition, the defendant accessed another of his servers from the IP address of his current home in Florida.

Thanks to this information, the authorities tracked Usatyuk’s server network. They could even track a hosting company called OkServers LLC, which Usatyuk used as a bulletproof hosting provider, ignoring abuse reports about the traffic generated by the DDoS services.

The authorities also gained access to Usatyuk’s online chat logs, through which he provided technical assistance to the clients of his DDoS services and managed the sites along with his accomplice.

Even the PayPal payment system detected Usatyuk’s suspicious activity and decided to delete the ExoStresser account in 2016, after which the hacker registered an intermediary domain to receive payments for his DDoS services.
