Inside the world of "booters" -- cheesy DoS-for-hire sites

Brian Krebs delves into the world of "booter" services, low-level, amateurish denial-of-service websites where you can use PayPal to have your video-game enemies' computers knocked off the Internet by floods of traffic. Many booter services run off the same buggy codebase, and Krebs was apparently able to get inside the administrative interfaces for them and get some insight into their business.

One such is "Asylum," which appears to be run by Chandler Downs, a 17-year-old Chicago-area honor-roll student who reportedly made $35,000 in PayPal payments in exchange for denial-of-service attacks. Asylum even has an ad (narrated by an actor hired through the casual labor exchange site Fiverr) where, for $18/month, you can launch unlimited DoSes against "skids on Xbox live."

Young Mr Downs claimed that his service was not used to attack people, but only for legitimate stress-testing, then he changed his story and said he was only managing the service for someone else, and "You are able to block any of the 'attacks' as you say with rather basic networking knowledge. If you're unable to do such a thing you probably shouldn't be running a website in the first place."

Nixon noted that all of the packets incoming from the traffic she ordered to her test machines appeared to have been sent from spoofed IP addresses. However, when she used the “Down or Not?” host checker function on Asylum, the site responded from what appears to be the real Internet address of one of the servers that are used to launch the attacks: She noted that a booter service that appears to be a clone of Asylum – – is hosted on the same server.

Asylum, like most other booter services, is hidden behind Cloudflare, a content distribution network that helps sites block attacks that services like Asylum are designed to launch. Apparently, getting attacked is something of an occupational hazard for those running a booter services. Behind the Cloudflare proxy, Nixon found that the secret IP for the Asylum stresser Web frontend was

Both IP addresses map back to Voxility, a hosting facility in Romania that has a solid reputation in the cybercrime underground for providing so-called “bulletproof hosting” services, or those that generally turn a deaf ear to abuse complaints and requests from law enforcement officials. In January 2013, I profiled one data center at this ISP called that was being used as the home base of operations for the organized cybercrime gang that is currently facing charges of developing and distributing the Gozi Banking Trojan.

According to Krebs, "Between the week of Mar. 17, 2013 and Mar. 23, 2013, was used to launch more than 10,000 online attacks."

DDoS Services Advertise Openly, Take PayPal


  1. Hey why can’t we just hire a few of these folks to attack each other.  Sorta of like dividing by zero or maybe Escher!

  2. No doubt  Mr Downs will rip off the wrong person one day and get his nervous system wrecked so he has to spend his dying days in Chiba, trading small amounts of random access memory for moderate amount of money and sleeping in really cheap places.

  3. But he’s obviously offering a service that people are willing to pay for? I mean as an American that’s just straight up Capitalism to me. I mean right?

  4. How does Cloudflare come into play in all of this? 

     In TFA they come across as using their CDN to shield these DoS attacks, yet I could have sworn NPR had someone from Cloudflare on bragging about how they stopped the Spamhaus attack.  

  5. A few years ago I found out that DDoS attacks were being used on successful websites to extort money from companies. I talked to some engineers at NNOG who were working on this issue. What was interesting was that although the ones for money were troubling, the ones that people did for personal reasons were higher. So some of them were political and are just because they were pissed off. This makes sense as a way to “win” against an opponent when you can win in the game space.

    BTW, this might make for an interesting follow up story. Talk to some of the people who bought this and why. Ask if them if they ever admitted their actions and if it because a MAD arms race between players.

  6. Wow, I just read “When Sysadmins Ruled the Earth” today. This feels very much like Life-imitating-Art! 

Comments are closed.