Anchorage, AK – A 22-year-old Oregon man has been charged with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever uncovered, allegedly launching over 370,000 attacks worldwide through a malware network known as “Rapper Bot.”
Federal prosecutors announced Tuesday that Ethan Foltz of Eugene was charged in the District of Alaska with aiding and abetting computer intrusions. Investigators say Foltz was the administrator behind Rapper Bot—also called “Eleven Eleven Botnet” and “CowBot”—a DDoS-for-hire operation that compromised tens of thousands of devices and was rented out to paying customers.
Court records allege Rapper Bot infected 65,000 to 95,000 internet-connected devices, primarily WiFi routers and DVRs, and turned them into a global cyberweapon. Victims spanned over 80 countries and included a U.S. government network, a popular social media platform, and multiple U.S. tech companies. In some cases, the attacks allegedly reached beyond six Terabits per second in size.
Between April and August, Rapper Bot is believed to have launched hundreds of thousands of attacks, targeting more than 18,000 unique systems. Five of the compromised devices were located in Alaska, where the case is being prosecuted. Officials say the financial fallout from even a single 30-second attack of that magnitude could cost victims up to $10,000.
Law enforcement seized control of Rapper Bot during a search of Foltz’s home on August 6. The Defense Criminal Investigative Service (DCIS) has since taken over the infrastructure, and no further attacks have been reported since the transfer.
Investigators also allege the botnet was used by some clients to extort victims, threatening sustained DDoS attacks unless demands were met.
Foltz faces a maximum of 10 years in federal prison if convicted. Sentencing will be determined by a district court judge following consideration of sentencing guidelines.
Key Points
- Oregon man charged with running DDoS-for-hire botnet known as Rapper Bot
- Botnet allegedly launched 370,000+ attacks targeting over 80 countries
- Rapper Bot infrastructure now under control of U.S. cyber defense agencies
Authorities say a DDoS-for-hire empire built on infected routers has finally been unplugged.