The Department of Justice last week announced that a 22-year-old Oregon man was charged in the District of Alaska in connection with carrying out a series of DDoS-for-hire cyberattacks that targeted victims around the world. The attacks targeted the Department of Defense Information Network (DODIN) on at least three occasions earlier this year.
Ethan Foltz was charged last Tuesday for allegedly running the large-scale cyberattacks that have been carried out since 2021, likely impacting millions of victims. Known as “Rapper Bot,” as well as “Eleven Eleven Botnet” and “Cowbot,” the botnet compromised DVRs (digital video recorders) and WiFi routers on a massive scale, infecting the devices with specialized malware. The Rapper Bot attacks were carried out for a variety of clients, who paid to put U.S. government networks, a social media platform, and multiple tech companies in the crosshairs.
“Foltz and his co-conspirators allegedly monetized Rapper Bot by providing select paying customers with access to one of the most sophisticated and powerful DDoS-for-hire Botnets currently in existence,” the DoJ explained.
If convicted, Foltz faces a maximum of 10 years in prison.
“Any and all takedowns are exactly what should be done,” Lawrence Pingree, technology evangelist with Dispersive Holdings, and former senior Gartner VP/analyst, told ClearanceJobs.
“What I especially like is the collaboration emerging with countries that need to be engaged to create these types of positive outcomes,” said Pingree.
Massive Data Employed
According to the criminal complaint, from just this past April to August, Rapper Bot conducted more than 370,000 attacks, which targeted 18,000 unique victims. In total, Rapper Bot also utilized as many as 95,000 infected victim devices to carry out DDoS attacks by sending massive amounts of data, measuring between two and three Terabits per second. In the largest DDoS attacks, the traffic may have even exceeded six Terabits per second.
“A DDoS attack averaging over two Terabits per second lasting 30 seconds might cost a victim anywhere from $500 to $10,000,” the complaint detailed. It further alleged that some Rapper Bot customers made extortion demands, leveraging the botnet’s DDoS attack volumes to extort their respective victims.
“Rapper Bot was one of the most powerful DDoS botnets to ever exist, but the outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator and effectively disrupted the activities of this transnational criminal group,” said U.S. Attorney Michael J. Heyman for the District of Alaska. “Our office remains committed to disrupting and dismantling cyber criminals that threaten internet security and infrastructure in the District of Alaska and across the United States.”
International Targets
What is noteworthy about Rapper Bot is that its attacks were driven by profit and crossed borders. Eighty different nations were impacted this year, with DDoS attacks concentrated on targets in China, Hong Kong, Ireland, Japan, and the United States.
Among the victims was the DODIN. The Pentagon confirmed that DoD IP addresses may have been targeted, but didn’t go into further details.
Officials also didn’t confirm whether the Rapper Bot botnet was responsible for the cyberattack that caused outages of X, the social media platform owned by Elon Musk, who was leading the Trump Administration’s Department of Government Efficiency (DOGE) at the time.
“Today’s announcement highlights the ongoing efforts by law enforcement to disrupt and dismantle emerging cyber threats targeting the Department of Defense and the defense industrial base,” said Special Agent in Charge Kenneth DeChellis of the Department of Defense Office of Inspector General, DCIS, Cyber Field Office. “The Rapper Bot malware was a clear threat, and the focused efforts of DCIS, our industry partners, and the federal prosecutors at the U.S. Attorney’s Office in Alaska, sends a clear signal to those who would harm the DoD’s personnel, infrastructure, and intellectual property, that their actions will come at a cost.”