In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now just weeks after Poland made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store.
Pro tip: If you’re planning to launch a debilitating denial-of-service attack against your former employer, try not to “like” the Facebook page of the DDoS-for-hire Web service that you intend to use in the assault. Tell that to Kevin Courtois, a 28-year-old from Three Rivers, Quebec who was arrested earlier this year for allegedly launching a volley of cyber attacks against his former company over a nine month period beginning in May 2012.
On Monday, I profiled asylumbooter.com, one of several increasingly public DDoS-for-hire services posing as Web site “stress testing” services. Today, we’ll look at ragebooter.net, yet another attack service except for one secret feature which sets it apart from the competition: According the site’s proprietor, ragebooter.net includes a hidden backdoor that lets the FBI monitor customer activity.