A Texas man was sentenced today to 9 months in federal prison for running a website that allowed paying users to launch powerful distributed denial of service – or DDoS – attacks that flooded tens of thousands of targeted computers with information and prevented them from being able to access the internet.
Scott Raul Esparza, 24, of Katy, Texas, was sentenced by United States District Judge Michael W. Fitzgerald who also ordered two years of supervised release with conditions including a full computer monitoring program after serving his prison sentence.
Esparza pleaded guilty on March 6 to one count of conspiracy to commit unauthorized impairment of a protected computer and one count of unauthorized impairment of a protected computer.
From 2019 to September 2022, Esparza operated and co-administrated with Shamar Shattock, 21, of Margate, Florida, a DDoS-for-hire service called "Astrostress.com." The term "DDoS" refers to a type of computer attack in which multiple computers attempt to make connections through the Internet to a targeted computer at the same time. The amount of internet traffic generated by such an attack quickly overwhelms the capacity of the victim computer, resulting in the victim computer being unable to send, receive or respond to commands.
Astrostress.com was a type of DDoS-for-hire service known as a "booter" service, referring to its ability to "boot" victims off the internet. Customers of Astrostress.com were offered various levels of subscriptions – depending on how many attacks they wanted to conduct and with what power – and were charged accordingly. This site thus enabled co-conspirators worldwide to set up accounts on Astrostress.com and then use the Astrostress.com resources to direct attacks at internet-connected computers around the globe.
Esparza was responsible for procuring the attack servers and maintaining the attack functionality of Astrostress.com. Esparza also helped Shattock market the service, and he hired a co-conspirator to assist with responding to support requests from customers of the service.
Esparza neither owned nor had the rights to use the third-party computers he exploited to generate the amplified attack power made available via the Astrostress.com website. He was aware that his customers were using the site to attack computers that did not belong to the customers, and which the customers had no authorization to impair. Esparza personally conducted thousands of attacks using his own service.
From September 2021 to September 2022, while Esparza administered the website, customers used Astrostress.com to attack tens of thousands of protected computers. As a result, they impaired or attempted to impair the availability of the victim computers by knocking them offline.
In or around September 2022, shortly after the FBI caused Astrostress.com to shut down, Esparza called Shattock and left him a voicemail message in which he instructed Shattock to "clear" all his social media accounts "so nothing gets linked back to us."
Shattock pleaded guilty in March 2023 to one felony conspiracy count and faces up to five years in federal prison at his sentencing hearing, which is expected to occur in the coming months.
The FBI investigated this matter as part of Operation PowerOFF, a multi-national effort to combat DDoS-for-hire services.
Assistant United States Attorneys Cameron L. Schroeder, Chief of the National Security Division, and Aaron B. Frumkin of the Cyber and Intellectual Property Crimes Section prosecuted this case. Assistant United States Attorney James E. Dochterman of the Asset Forfeiture and Recovery Section is handling the seizure of the Astrostress domain.
Reader Comments(0)