A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today. While the young man’s punishment was heavily tempered by his current poor health, the defendant’s dietary choices may have contributed to both his capture and the lenient sentencing: Investigators say the onetime booter boss’s identity became clear after he ordered a bacon and chicken pizza delivered to his home using the same email address he originally used to register his criminal attack service.
David Bukoski, 24, of Hanover Township, Pa., pleaded guilty to running Quantum Stresser, an attack-for-hire business — also known as a “booter” or “stresser” service — that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.
Investigators say Bukoski’s booter service was among the longest running services targeted by the FBI, operating since at least 2012. The government says Quantum Stresser had more than 80,000 customer subscriptions, and that during 2018 the service was used to conduct approximately 50,000 actual or attempted attacks targeting people and networks worldwide.
The Quantum Stresser Web site — quantumstress[.]net — was among 15 booter services that were seized by U.S. and international authorities in December 2018 as part of a coordinated takedown targeting attack-for-hire services.
Federal prosecutors in Alaska said search warrants served on the email accounts Bukoski used in conjunction with Quantum Stresser revealed that he was banned from several companies he used to advertise and accept payments for the booter service.
The government’s sentencing memorandum says Bukoski’s replies demanding to know the reasons for the suspensions were instrumental in discovering his real name. FBI agents were able to zero in on Bukoski’s real-life location after a review of his email account showed a receipt from May 2018 in which he’d gone online and ordered a handmade pan pizza to be delivered to his home address.
While getting busted on account of ordering a pizza online might sound like a bone-headed or rookie mistake for a cybercriminal, it is hardly unprecedented. In 2012 KrebsOnSecurity wrote about the plight of Yuriy “Jtk” Konovalenko, a then 30-year-old Ukrainian man who was rounded up as part of an international crackdown on an organized crime gang that used the ZeuS malware to steal tens of millions of dollars from companies and consumers. In that case, Konovalenko ultimately unmasked himself because he used his Internet connection to order the delivery of a “Veggie Roma” pizza to his apartment in the United Kingdom.
Interestingly, the feds say their examination of Bukoski’s Internet browsing records showed he knew full well that running a booter service was punishable under federal law (despite disclaimers published on Quantum Stresser stating that the site’s owners weren’t responsible for how clients used the service).
“The defendant’s web browsing history was significant to investigators for a number of reasons, including the fact that it shows that the defendant browsed an article written by a prominent security researcher referencing both the defendant’s enterprise along with a competing service, including a link provided by the researcher in the article to an advisory posted by the FBI warning that the operation of booter services was potentially punishable under federal law,” reads the sentencing memo from Assistant U.S. Attorney Adam Alexander.
That’s interesting because the article in question was actually a 2017 KrebsOnSecurity story about a mobile app tied to a competing booter service that happened to share some of the same content as Quantum Stresser.
That 2017 story referenced an FBI advisory that had just been issued warning the use of booter services is punishable under the Computer Fraud and Abuse Act, and may result in arrest and criminal prosecution.
Bukoski was sentenced to five years of probation and six months of “community confinement.” The government suggested a lenient sentence considering the defendant’s ongoing health complications, which include liver failure.
You might want to mask that ZIP+4 or at least the last four digits. It took me less than a minute to find Bukoski’s address.
What address dude? It’s not his home address, it’s a Domino’s location. Check the place on Google Maps > 2244 sans souci pkwy hanover twp pa
And blanking the name of the pizza place doesn’t do much when you leave the address 🙂
since when is a town’s zip code considered personal information? and the address is for the pizza store, not the booter guy
It’s a delivery order. It has both addresses. And zip+4 is pretty much the same as saying which block, if not the exact address.
The screen shot was redacted by the feds and not by me. Also, it is now a public record.
Brian, all your stories are worthy of a read, just like your book. The alliteration in the title was priceless however!
Should’ve fit his name in there, too.
“Booter Boss Bukoski Busted By Bacon Pizza Buy”
And speaking of names, I wonder what he got called in junior high. That must have been really demeaning.
(And if you don’t know what I’m talking about, you probably don’t want to. But I will tell you it’s a Japanese word.)
Crazy, I use to live in Wilkes Barre which is the city right next store to Hanover Township. That address on
Sans Souci Parkway is a Pizza Hut !
Anyone should get caught eating food out of that joint !
That’s not a Pizza Hut, it’s a Domino’s
Best headline ever! Multiple points for alliteration and content.
I’ve prompted a fair few arrests while investigating card fraud because the crooks have followed up their successful online purchases (to drop addresses) with a celebratory pizza order. Pizza doesn’t go to a drop address 😉
Have you thought of becoming the headline writer for the N. Y. Post? I have insider information that the guy who has been doing it just retired.
I pray that Krebs wouldnt let himself get pulled back into the corrupt and heavily censored world of leading news agencies.
He’s better off doing this, both for himself and for the world.
Yikes! I have a customer right up the street at 1266 Sans Souci Parkway in the self-storage business. Small world. Been up and down that road lots of times.
Interesting. Google “David Bukoski Pennsylvania” and you get an article about a hit man going to Canada to kill Bukoski’s ex-girlfriend and her current boyfriend. I wonder how much more there is to this story? https://www.mcall.com/news/police/mc-nws-lafayette-twitter-threats-casdorph-bombing-20190124-story.html
I just did the same thing before I read this comment! I didn’t go too deep in the weeds, but it is very interesting for sure.
if it’s the same Bukoski, I don’t think the story is over for him yet
Oh, it’s the same guy for sure. Here’s the next-to-last paragraph in that article:
“A separate complaint charging two other men with computer offenses in federal court in California alleges QuantumStress was used to carry out or attempt more than 50,000 denial of service attacks, in which vulnerable computers are hijacked to flood websites with requests for information, knocking them offline.”
He’s also in trouble in Ontario, apparently for child porn:
“The charges against Bukoski in Ontario stem from the alleged distribution of compromising images of his former girlfriend, who was a minor at the time.”
Looks like he already put in his guilty plea for that crime.
As the ex girlfriend, there’s a lot more.
I’m not surprised that a criminal might forget he used the email address 6 years ago for a criminal purpose when he orders a pizza.
Perhaps to insure OpSec, criminals should use email addresses like “use4myCrimes@isp.com” 😉
Sans Souci is French for “carefree” … not so carefree anymore!
Probation,,,,,, likely has a million bucks spread out in banks and crypto.
It’s a wonder everyone isn’t a computer criminal, the pay is great and the punishment is next to nothing. The average million dollar thief that gets caught spends less time in jail than it would take to earn a fraction of it. When you get out you still have it and live the rest of your life on easy street. If I wasn’t so old, it would be tempting to switch sides.
So the house he lives in shows on Zillow worth maybe 100K, what do these criminals do with all their money, if his site was as successful as it shows. Just thinking outside the box.
Bacon pizza. Ah the irony.
Sometimes you eat the pig, and sometimes, the pig eats you.
criminals need to eat too.. bacon and chicken tasty but justice mucho delisioso
Criminals need to eat too.. bacon and chicken sounds tasty but justice is delicious!
“The defendant’s web browsing history … shows that the defendant browsed an article written by a prominent security researcher referencing both the defendant’s enterprise along with a competing service, including a link provided by the researcher in the article to an advisory posted by the FBI warning that the operation of booter services was potentially punishable under federal law,”
In other words, a Krebs article helped convict him.
Keep up the good work.
5 years of probation. What a cop-out. Fuck him and his health.
Dude is a career criminal who also hired a hitman to kill his ex-gf and her new BF.
The FBI approach of being soft on crime is so laughable when it comes to these cybercriminals.
This dude should be sent to federal prison to die.
You quite literally have no idea what you’re talking about as you do not know the whole story. Please keep your retarded thoughts within the confines of your little walnut brain.
Wonder if he stiffed the delivery guy on a tip of any sort as well, cretin that he is…?
Bodalicious bacon bulletin — the best kind, Brian
What’s the difference between a “booter” service and a DDOS service?
Looks like there is a chance for people and corporations who believe they have suffered under a Denial of Service attack to notify the government prior to the restitution hearing scheduled for May 5th in Anchorage.
So how does finding the email associated with a pizza order work?
Was LE already on his mail server? Or is LE tied into mail providers for a large swath of store owners? Or is there some system where all store owners are required to send hits on known email addresses?
From the story:
“Federal prosecutors in Alaska said search warrants served on the email accounts Bukoski used in conjunction with Quantum Stresser….”
Hey, great post. I see on of the best help for the food website. We provide pizza in fort mayer also you can taste our pizza and enjoy our Pizza delivery service.
“FBI agents were able to zero in on Bukoski’s real-life location after a review of his email account showed a receipt from May 2018 in which he’d gone online and ordered a handmade pan pizza to be delivered to his home address.”
**so they were watching this email address and could’nt tie it to his location until he ordered a pizza? This part confuses me, they had a warrant, they obviously had his email…his ISP could have given the FBI his location based off his IP.
Hey may have been using a VPN to access Protonmail. In any case, having someone’s IP address doesn’t give you their precise location, and it certainly doesn’t tell you their physical address.