A man in Oregon has been charged with operating a powerful botnet, known as the “Rapper Bot,” that carried out cyberattacks against thousands of victims. High-profile targets, according to the federal prosecutors in Alaska, included tech companies, a popular social media platform and a U.S. government network.
The alleged administrator, 22-year-old Ethan Foltz, lost control of the botnet on Aug. 6 after law enforcement executed a search warrant at his home in Eugene. The botnet used thousands of hacked devices to carry out distributed denial of service, or DDoS, attacks against targeted systems.
Rapper Bot, which had been operating since 2021, worked by infecting devices such as digital video recorders and WiFi routers with specialized malware. Once under the botnet’s control, those devices were used to collectively knock servers offline by overwhelming them with traffic. Authorities said Rapper Bot infiltrated between 65,000 and 95,000 devices.
Foltz was charged Tuesday with one count of aiding and abetting computer intrusions. He faces as much as 10 years in prison if convicted.
18,000 victims in 80 countries
Foltz and his co-conspirators allegedly monetized Rapper Bot by turning it into a DDoS-for-hire service. Customers would pay to gain temporary control of the botnet to launch attacks. A criminal complaint against Foltz says Rapper Bot carried out more than 370,000 attacks against 18,000 victims in 80 countries between April and August.
Cybersecurity expert Brian Krebs reported on Tuesday that Rapper Bot knocked the social media platform X offline in March.
Rapper Bot often sent two to three terabits of data per second at a target’s systems, while its largest ever DDoS attack allegedly exceeded six terabits per second.
“Rapper Bot was one of the most powerful DDoS botnets to ever exist,” U.S. Attorney Michael J. Heyman of Alaska said in a statement.
The investigation, Heyman said, “put an end to Foltz’s time as administrator and effectively disrupted the activities of this transnational criminal group.”
Foltz’s case is part of an international law enforcement effort known as Operation PowerOFF, which aims to dismantle DDoS-for-hire operations across the globe.
