US cops wrap up RapperBot, one of world’s biggest DDoS-for-hire rackets

RapperBot, a botnet-for-hire blamed for hundreds of thousands of DDoS attacks, has been yanked offline by the Feds, who also hauled in its alleged Oregon-based mastermind.

Ethan Foltz, 22, of Eugene, Oregon, is accused of running the sprawling network, also known as Eleven Eleven Botnet or CowBot, which prosecutors describe as “one of the most powerful DDoS botnets to ever exist.” 

Between April and August this year, investigators say the Mirai-based RapperBot botnet fired off more than 370,000 attacks against some 18,000 victims in over 80 countries. The targets ranged from US government networks and defense-related services to social media platforms and Chinese gambling outfits, with some allegedly pressured for extortion payments.

Foltz was cuffed on August 6 when agents raided his home and seized command-and-control systems. Since then, RapperBot has been silent. If convicted on the charge of aiding and abetting computer intrusions, he faces up to 10 years in prison.

According to the Justice Department, the botnet’s firepower typically averaged 2-3 Tbps per attack, with RapperBot’s largest attack allegedly exceeding 6 Tbps. A DDoS attack averaging over 2 Tbps and lasting 30 seconds might cost a victim anywhere from $500 to $10,000, US cops note.

That scale of carnage, coupled with its on-demand rental model, made it a prized tool in the cybercrime underground. Prosecutors said the outfit not only facilitated denial-of-service campaigns but also targeted the Department of Defense’s own networks.

The takedown was part of Operation PowerOFF, an international effort to dismantle DDoS services. The Defense Criminal Investigative Service led the probe, backed by the US Attorney’s Offices in Alaska and Oregon, with technical muscle supplied by AWS, Akamai, Cloudflare, Google, DigitalOcean, Flashpoint, PayPal, and Unit 221B. Together, they identified and yanked malicious infrastructure before it could be used to fire off further salvos.

AWS confirmed its role afterwards, noting in a post on LinkedIn that its threat detection tools and visibility into network traffic helped law enforcement dismantle the botnet. While details are thin, it marks another sign that hyperscale cloud providers are becoming increasingly central to large-scale cybercrime crackdowns.

US Attorney Michael Heyman praised the case as “outstanding investigatory work” that ended Foltz’s alleged career as a botnet wrangler. DCIS Special Agent in Charge Kenneth DeChellis said RapperBot posed “a direct threat” to the Department of Defense, and warned other would-be bot-herders to take note.

With Foltz awaiting trial and RapperBot’s servers firmly in government hands, the case underlines both the industrial scale of today’s DDoS-for-hire market and the value of public-private teamwork in knocking it offline. Whether the disruption deters others from renting or running similar botnets remains to be seen, but for now at least, one of the internet’s noisiest weapons has gone quiet. ®
