November 9, 2017

In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now just weeks after Poland made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store.

In the story Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor, I profiled then 19-year-old Justin D. Poland from Memphis — who admitted to installing code on his Ragebooter service that allowed FBI investigators to snoop on his customers.

Last February, Poland was convicted of one felony count of possession of child pornography, after investigators reportedly found 2,600 child pornography images on one of his computers. Before his trial was over, Poland skipped town but his bondsman later located him at his mother’s house. He was sentenced to two years in jail.

Poland did not respond to multiple requests for comment, but on his Facebook account Poland said the images belonged to his former roommate — David Starliper — who’d allegedly used Poland’s computer. Starliper also was convicted of possessing child pornography and sentenced to two years in prison.

In September 2017, Poland began posting on his Facebook account that he had made parole and was getting ready to be released from prison. On Oct. 6, the first version of the Android edition of Ragebooter was put on sale at Google’s Play Store.

The mobile version of Ragebooter.

Poland’s Facebook page says he is the owner of ragebooter[dot]com, ragebooter[dot]net, and another site called vmdeploy[net]. The advertisement for Ragebooter’s new mobile app on Google Play says the developer’s email address is contact@rageservices[dot]net. The registration details for rageservices[dot]net are hidden, but the Web site lists some useful contact details.

One of them is a phone number registered in Memphis — 901-219-3644 — that is tied to a Facebook account for an Alex Slovak in Memphis. The other domain Poland mentions on his Facebook page — vmdeploy[dot]net — was registered to an Alex Czech from Memphis. It seems likely that Alex has been running Ragebooter while Poland was in prison. Mr. Slovak/Czech did not respond to requests for comment, but it is clear from his Facebook page that he is friends with Poland’s family.

Rageservices[dot]net advertises itself as a store for custom programming and Web site development. Its content is identical to a site called QuantumServices. A small purchase through the rageservices[dot]net site for a simple program generated a response from Quantum Services and an email from quantumservicesweb@gmail.com. The person responding at that email address declined to give his or her name, but said they were not Justin Poland.

Figures posted to the home page of ragebooter[dot]net claim the service has been used to conduct more than 310,000 DDoS attacks. Memberships are sold in packages ranging from $3 per day to $300 a year for an “enterprise” plan. Ragebooter[dot]net includes a notice at the top of the site indicating that rageservices[dot]net is indeed affiliated with Ragebooter.

If Poland still is running Ragebooter, he may well be violating the terms of his parole. According to the FBI, the use of DDoS-for-hire services like Ragebooter is illegal.

In October the FBI released an advisory warning that the use of booter services — also called “stressers” — is punishable under the Computer Fraud and Abuse Act, and may result in arrest and criminal prosecution.

“Booter and stresser services are a form of DDoS-for-hire— advertised in forum communications and available on Dark Web marketplaces— offering malicious actors the ability to anonymously attack any Internet-connected target. These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency. Criminal actors running booter and stresser services sell access to DDoS botnets, a network of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.”


32 thoughts on “DDoS-for-Hire Service Launches Mobile App

  1. Moike

    The app permissions that Ragebooter requires are … interesting for something that offers no more functionality than a simple web page.

  2. Canuck

    Why is Google allowing this to be sold via their platform? Are they then not liable as well – it’s not like the product is trying to hide what it is for.

    1. Mahhn

      Same reason they don’t notify people that apps they prior downloaded were malicious, after google removes them. They don’t care, they don’t take responsibility, and are not trust worthy.

  3. Chris

    Is it coincidence that the last names are Poland, Slovak and Czech? Poland, Slovakia and Czech Republic are neighboring countries…

    1. Pete

      Yeah, from the description it looks like “Mr. Alex Slovak/Czech from Memphis” might be a made up (non)identity, possibly an alias of mr. Poland.

    2. Wharrgarble

      I bet Brian is really Hungary for information on this guy.

  4. Drone

    This is long overdue. There’s a BIG market for take-down services in the pool of self-obsessed young social media zombies who rarely lift their eyes from their smart phones.

  5. Brian Fiori (AKA The Dean)

    Two years for child pornography and bail jumping? Maybe now he will get some punishment that actually fits the crimes he commits. And, for the record, I don’t necessarily think it’s just longer jail time. But obviously that slap on the wrist didn’t dissuade this miscreant. There has to be some sort of arrangement that will get him to pay attention.

    1. xxxx

      Two years seems like the polar opposite of a “slap on the wrist” for victimless crimes.

      1. Tom

        Child abuse is a victimless crime? Well, if stupidity was punishable, you would be doing some serious time now.

        1. XXXX

          Possession of some jpgs from the internet is literal child abuse now? I’m sorry, but by your logic it’s probably you who should be doing time. You literally want to put this guy in prison for jerking off in his basement.

          Child abuse is absolutely not victimless, but possessing of child porn really only tends to victimize the person with the material.

          This is a mental illness, why not treat those suffering from it instead of essentially criminalizing their existence?

            1. Infosec Pro

              Criminalizing mental illness. No victim other than the sick individuals who drew and shared sketches of imaginary kinks. They need medical help and instead get charged and incarcerated.

          1. Sean

            Yes, possession of CP images is child abuse. Congress specifically found, when enacting the Adam Walsh Act, that each time an image of child pornography is reproduced, sold, or disseminated, the child is victimized again.

            Further, from a simply supply/demand perspective, it is the demand for these images results in the continuing abuses of children. The downloading and possession of the images is a byproduct of demand, and possession of 2,300 CP images demonstrates a high demand. So long as there is such demand, and there are means by which such demand can be fulfilled, children will continue to be victimized.

    2. Matt K

      Assuming he committed the crime in the first place. Considering his roommate was also convicted makes his story about his roommate being the guilty party a lot more plausible. Of course, in cases involving sex crimes it’s pretty much always guilty until proven innocent and then still guilty.

    3. John Buxton

      His lite sentence is understandable. The justice system’s corrupting plea bargaining system allowed for this because of his agreeing to place an FBI backdoor into Ragebooter. Is anyone actually thinking that the backdoor is no longer there?

  6. Old School

    As of 7:13 am central time, Ragebooter and IP Booter from SaintGaming are still on Google Play. cnet.com has: “Jan 20, 2017 – From SaintGaming: Our stress/ddos testing power is excellent. We are providing custom stress testing methods for best user experience.” Now any idiot can become a menace to society.

  7. Paul C.

    Reading through Justin’s timeline on FB is great. How is this guy even smart enough to do any of this?

  8. The Barrister

    The phone number is registered to three people: Jaudon Logan, Alexander Check, and Geoffrey Check. Databases show a Jaudon Logan in KY. The is no other information on Alex Check or Geoffrey Check in TN or in WV (where Poland was living at the time of his arrest and conviction). I found no records for Alex Slovak, either.

  9. L.

    There was also a well-respected VPN that was corrupted by the FBI when the owner got into trouble with law enforcement.

    I was horrified to see that Kim Dotcom recommended this same VPN, and he certainly doesn’t work for the U.S. government. He was just sucked in like many others.

    Use ProtonVPN or nothing.

    1. Anon

      So you are saying that proton vpn is good or bad?
      And whAt was the name of the vpn that got corrupted of which you talked about in your comment??

      And I was looking for good free Vons so do your u recommend this protonvpn’s service ? They dont track right ?

  10. dhtdvxet

    Only 2 years in jail. Sorry dear people but it’s bloody ridiculous.

  11. AviH

    Until law enforcement takes the threat of booters and DDoS for hire services seriously nothing is going to be done about it. Hopefully, they investigate Poland’s parole, but this isn’t about a single individual but rather the continued pervasiveness of DDoS-for-hire apps and services.

    At least, Google finally took Ragebooter off the Play store. It’s important for vendors to follow the rules and keep criminals away. We just saw an employee use another booter service to attack his employee and, well, we all know how many gamers do this already.

    We can talk about the “Dark Web” but right now, these things are still very much out in the open. (And, just like we need locks on our doors, shows the needs for site owners to have at least basic DDoS protection as well).

  12. Cherry

    Good article – good starting point. If you wanna get more infor about software outsourcing company in Vietnam please visit my site

  13. Soneone

    I know him closely as a friend in person and was around for all of it.

    1. He doesn’t run it anymore.
    2. Hes telling the truth about his roommate doing it not him. He was just always careless about letting just anyone do whatever they wanted on it and not check. The guy has also already been convicted as a sex offended for other things.
    3. He didn’t skip town to run. To be honest I did forget why, but I remember it was a misunderstanding.
    4. Rage booger was never connected to it. He was in trouble for other things but allowed him to continue it. They just monitored what he was doing, nothing harmful.

    I normally read these kinds of things and move on but being a best friend if his and knowing truth, I had to give you this information.

  14. rondity

    The app is no longer available on Google Play store. Google was probably notified and it was then pulled it down. Considering that there are millions of apps on Google Play store, Google can only do so much to ensure that apps are free of malicious code, as well as ensure they are for public good. Proactive users can help in the fight against malicious software by notifying Google or any other website that hosts software downloads.

Comments are closed.