author photo
By Clare O’Gara
Tue | Nov 19, 2019 | 5:30 AM PST

Another booter is brought to justice for launching DDoS attacks.

A U.S. federal court in North Carolina just sentenced 21-year-old Sergiy P. Usatyuk of Illinois to 13 months in prison for his role in a booter scheme that launched millions of illegal DDoS (distributed denial of service) attacks.

His attacks flooded the web and private servers with massive amounts of data, causing network downtime for many organizations.

What did the DDoS scheme look like?

For more than two years, Usatyuk "victimized various segments of American society," says Assistant Attorney General Brian A. Benczkowski.

And he had help.

"Usatyuk combined with a co-conspirator to develop, control and operate a number of booter services and booter-related websites that launched millions of DDoS attacks that disrupted the internet connections of targeted victim computers, rendered targeted websites slow or inaccessible, and interrupted normal business operations."

According to the report, he used illegal services with names such as, ("ExoStresser"),, ("Betabooter"),,,, and to commit his crimes.

And his actions are just one part of the problem: the crime itself points to the massive threat that DDoS-for-hire services pose in the U.S.

Benczkowski explains that the government is trying to crack down on this type of cyberattack.

"The Criminal Division and our law enforcement partners will remain vigilant in protecting the American public from these types of sophisticated, far-reaching threats."

How much can you make through DDoS-as-a-service?

Two years is a long time to run a booting scheme. It's also enough time for a booting scheme to become extremely profitable.

And until they got caught, Usatyuke and his co-conspirator were laughing all the way to the bank.

"During the period of the conspiracy, [they] gained in excess of $550,000 from charging subscriber fees to paying customers of their booter services and selling advertising space to other booter operators."

In other words, they found two ways to make profits from a single kind of cyberattack. 

After the court sentenced him, however, Usatyuke was ordered to forfeit $542,925.

Apparently his financials are a lot like his DDoS attacks. One minute his bank account was flooded with something illegitimate, and the next minute it was not.

Read the U.S. Department of Justice statement here.