Federal authorities have arrested Ethan Foltz, a 22-year-old from Eugene, Oregon, charging him with administering the Rapper Bot—a notorious “DDoS-for-hire” network that launched over 370,000 coordinated cyberattacks across 80 countries. The operation, dismantled in early August, disrupted government systems, social media platforms, and private companies.
Botnet Built from Everyday Devices
Court documents revealed that Foltz deployed the botnet by infecting nearly 65,000 to 95,000 IoT devices, including DVRs and Wi-Fi routers, using variants of the Mirai malware. The botnet, also known as Eleven Eleven or CowBot, generated DDoS attacks ranging from two to three terabits per second, with peak strikes exceeding six terabits per second—a scale powerful enough to disrupt robust digital infrastructure.
Victims included the U.S. Department of Defense Information Network, the social platform X, the AI firm DeepSeek, and others. Each 30-second DDoS attack reportedly caused losses between INR 4 lakh and INR 80 lakh, strain on bandwidth, and service downtime. Some attackers even demanded ransom to halt attacks—a sign of the botnet’s commercial exploitation.
Operation PowerOFF Brings Global Disruption to a Halt
The Rapper Bot takedown, dubbed Operation PowerOFF, was a coordinated effort involving the U.S. Department of Justice, the Defense Criminal Investigative Service (DCIS), and tech partners like Amazon Web Services, Google, Cloudflare, PayPal, and DigitalOcean. The August 6 raid on Foltz’s home enabled officials to seize control of the botnet’s infrastructure and effectively silence its attack activity.
Foltz is now charged with aiding and abetting computer intrusions. If convicted, he faces up to ten years in prison. The operation marks a significant victory in the fight against globally disruptive cybercrime, sending a strong message to cybercriminal networks worldwide.
