World’s biggest marketplace selling Internet-paralysing DDoS attacks taken down

The administrators of the Distributed Denial of Service (DDoS) marketplace webstresser.org were arrested on 24 April as a result of Operation Power Off, a complex investigation led by the Dutch police and the UK’s own National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world.

The administrators were located in the UK, Croatia, Canada and Serbia. Further measures were taken against the top users of this marketplace in the UK, the Netherlands, Italy, Spain, Croatia, Australia, Canada and Hong Kong. The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany.

Webstresser.org was considered the world’s biggest marketplace to hire DDoS services, with over 136,000 registered users and four million attacks recorded up to this month. The orchestrated attacks targeted critical online services offered by banks, Government institutions and police forces, as well as victims in the gaming industry.

In a DDoS attack enabled by such a service, the attacker remotely controls connected devices to direct a large amount of traffic at a website or an online platform. Whether this traffic eats up the website’s bandwidth, overwhelms the server or consumes other essential resources, the end result of an unmitigated DDoS attack is the same: the targeted website is either slowed down past the point of usability or it’s knocked completely offline, depriving users from essential online services.

It used to be the case that, in order to launch a DDoS attack, one had to be pretty well versed in Internet technology. That’s no longer the case. With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters. Fees on offer were as low as EUR 15 per month, thus allowing individuals with little-to-no technical knowledge to launch crippling DDoS attacks.

International law enforcement cyber sweep

International police co-operation was central to the success of this investigation initiated by the Dutch National High Tech Crime Unit and the National Crime Agency, as the administrators, users, critical infrastructure and victims were scattered across the world.

Europol’s European Cyber Crime Centre (EC3) and the Joint Cyber Crime Action Task Force (J-CAT) supported the investigation from the onset by facilitating the exchange of information between all partners. A command and co-ordination post was set up at Europol’s headquarters in The Hague on the action day.

“We have a trend whereby the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kinds of malicious activity online,” said Steven Wilson, head of EC3. “It’s a growing problem, and one that we take very seriously indeed. Criminals are very good at collaborating and victimising millions of users in a moment from anywhere in the world. We need to collaborate with our international partners and better the criminals’ collaborations in order to turn the table on the latter and shut down their malicious cyber attacks.”

Jaap van Oss, the Dutch chairman of J-CAT, added: “Stresser websites make for powerful weapons in the hands of cyber criminals. International law enforcement will not tolerate these illegal services and will continue to pursue their admins and users. This joint operation is yet another successful example of the ongoing international effort against these destructive cyber attacks.”

DDoS-ing is a crime

DDoS attacks are illegal. Many IT enthusiasts become involved in seemingly low-level fringe cyber crime activities, unaware of the consequences that such crimes carry. The penalties can be severe: if you conduct a DDoS attack, or make, supply or obtain stresser or booter services then you could receive a prison sentence, a fine or even both.

The individuals that become involved in cyber crime often have a skill set that could be put to a positive use. Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand. Indeed, there are many careers and opportunities available to anyone with an interest in these areas.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts