When Karim Rattani isn’t manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he’s usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.
Rattani helps run two different “booter” or “stresser” services – grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.
As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake Youtube sites that foist malicious software disguised as Adobe’s Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.
In a Facebook chat, Rattani claimed he doesn’t run the companies, but merely accepts Google Wallet payments for them and then wires the money (minus his cut) to a young man named Danial Rajput — his business partner back in Karachi. Rajput declined to be interviewed for this story.
The work that Rattani does for these booter services brings in roughly $2,500 a month — far more than he could ever hope to make in a month slinging sandwiches. Asked whether he sees a conflict of interest in his work, Rattani was ambivalent.
“It is kind of [a conflict], but if my friend won’t sell [the service], someone else will,” he said.
Rattani and his partner are among an increasing number of young men who sell legally murky DDoS-for-hire services. The proprietors of these services market them as purely for Web site administrators to “stress test” their sites to ensure they can handle high volumes of visitors.
But that argument is about as convincing as a prostitute trying to pass herself off as an escort. The owner of the attack services (the aforementioned Mr. Rajput) advertises them at hackforums[dot]net, an English language forum where tons of low-skilled hackers hang out and rent such attack services to prove their “skills” and toughness to others. Indeed, in his own first post on Hackforums in 2012, Rajput states that “my aim is to provide the best quality vps [virtual private server] for ddosing :P”. Continue reading →