US Authorities Track Down RapperBot, One of the Biggest DDoS-for-Hire Operations
RapperBot, an infamous botnet-for-hire tied to a staggering number of DDoS attacks, has been taken offline thanks to the efforts of federal agencies. The alleged mastermind, Ethan Foltz, a 22-year-old from Eugene, Oregon, has also been arrested.
Foltz is accused of controlling a vast network referred to as the Eleven Eleven Botnet or CowBot, which prosecutors characterize as one of the mightiest DDoS botnets ever encountered.
From April to August this year, the Mirai-derived RapperBot unleashed over 370,000 attacks against approximately 18,000 targets across more than 80 countries. Its victims included US government systems, social media sites, and even Chinese gambling platforms, with some being coercively targeted for ransom.
Foltz was captured on August 6 during a raid that involved seizing critical command-and-control systems. Since then, the RapperBot has gone radio silent, and if convicted for these computer intrusion charges, he could face a decade behind bars.
The Justice Department states that the botnet typically unleashed its might at an average of 2-3 Tbps during attacks, with its most potent strike surpassing 6 Tbps. For an attack that averages over 2 Tbps and lasts for about half a minute, the financial toll on victims can range from $500 to $10,000.
This scale of devastation, along with its on-demand rental structure, made RapperBot a favored instrument in the hacking underworld. Officials revealed that its attacks were not just hindering online services but also aimed at the Department of Defense’s own digital defenses.
The disruption of RapperBot was part of Operation PowerOFF, an international scheme to dismantle DDoS services. The investigation was spearheaded by the Defense Criminal Investigative Service with support from US Attorney’s Offices in Oregon and Alaska, alongside technical assistance from firms like AWS, Akamai, Cloudflare, DigitalOcean, and others. They managed to locate and obliterate harmful infrastructure before it caused more damage.
AWS later acknowledged its part in the operation, sharing on LinkedIn that its detection tools and insight into network activity were instrumental in assisting law enforcement with the takedown. While specific details are scarce, this incident highlights the growing influence of large cloud providers in tackling major cybercrime.
US Attorney Michael Heyman commended the case as an example of exceptional investigative work that brought Foltz’s alleged botnet operations to a halt. Kenneth DeChellis, Special Agent in Charge, emphasized that RapperBot represented a significant danger to the Department of Defense and warned other potential botnet operators to heed this warning.
As Foltz awaits trial and the RapperBot infrastructure is secured by the government, this case underscores the massive scale of the DDoS-for-hire market and the efficiency of cooperative public-private efforts to combat it. Whether this incident will serve as a deterrent to future rental or operational efforts remains uncertain, but for the moment, one of the internet’s most disruptive tools is muted.
