Denial-of-Service attacker tells Brian Krebs he's working for the FBI

Last week, I blogged Brian Krebs's amazing piece on AsylumBooter, a cheesy denial-of-service-for-hire site apparently run by a 17-year-old Chicago-area honor-roll student named Chandler Downs, whose PayPal account was flush with more than $30,000 paid by people who'd launched more than 10,000 online attacks.

Now, Krebs has uncovered an even weirder booter story: Ragebooter is another DoS company, but this one is run by a guy who claims to be working part time for the FBI, and who says that the FBI has its own login to his site and reviews all the IP addresses and other traffic data it logs.

’s registration records are hidden behind WHOIS privacy protection services. But according to a historic WHOIS lookup at, that veil of secrecy briefly fell away when the site was moved behind, a content distribution network that also protects sites against DDoS attacks like the ones Ragebooter and its ilk help to create (as I noted in Monday’s story, some of the biggest targets of booter services are in fact other booter services). For a brief period in Oct. 2012, the WHOIS records showed that was registered by a Justin Poland in Memphis...

... “I also work for the FBI on Tuesdays at 1pm in memphis, tn,” Poland wrote. “They allow me to continue this business and have full access. The FBI also use the site so that they can moniter [sic] the activitys [sic] of online users.. They even added a nice IP logger that logs the users IP when they login.”

When I asked Poland to provide more information that I might use to verify his claims that he was working for the FBI, the conversation turned combative, and he informed me that I wasn’t allowed to use any of the information he’d already shared with me. I replied that I hadn’t and wouldn’t agree that any of our discussion was to be off the record, and he in turn promised to sue me if I ran this story. That was more or less the end of that conversation.

Poland gave Krebs the working personal number of an FBI agent identified as "Agent Lies," who put him onto the FBI's press contact, who stonewalled. Meanwhile, Ragebooter leaks a lot of info and there's some reason to believe that the FBI really does have its own back door.

Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?


  1. I certainly wouldn’t put it past a slimy DDoS merc to be lying; but that also seems like the sort of arrangement that the FBI would find very convenient indeed.

    We know *cough* Whitey Bulger *cough* that our friendly feds have been… flexible… in the past about the behavioral standards of their collaborators. In the case of a DDoS, which is potentially costly and disruptive; but produces no media splash or victims likely to get long-term play, I’d imagine that ignoring the operator in exchange for a steady stream of dumb opportunists filing into his office to commit interstate felonies under your watchful gaze would be pretty attractive.

    1. Apparently he’s willing to tell random strangers who his clients are.  In a sensitive business, that doesn’t exactly scream ‘consummate professional.’

  2. Totally Monday night quarterbacking, but it would have been awful funny if, when the kid realized he wasn’t off-record, Mr. Reporter put the screws to him. “Y’know, it would be pretty rough on your business if people knew the FBI was monitering [sic] their activitys [sic] . Let’s talk.”

    Honestly, I just wanted more squirming.

    1. Unfortunately, the ‘kid’ has “Primal Rage” tattooed on his back in the Transformers font… I suspect that he isn’t… entirely… well calibrated in his sense of consequences.

      1. Too true. I also appreciated this bit:

        “Poland admitted in one of our Facebook chats that his own site was recently breached, leading to the leak of ragerbooter’s user database; the attackers broke into his Skype account, and then rifled through his Skype chats until they found login credentials to his servers.”

        I did some poking around for a client that had been hit with one of these 13347 DDoS attacks. I would actually consider it a professional courtesy if just once one of them showed evidence of an active brain cell.
