The National Crime Agency (NCA), working in conjunction with law enforcement partners from 14 countries, has taken action against a number of users of illegal websites, with those involved linked to four million attacks across the globe. This latest action is part of Operation Power Off, which pursues those individuals and services responsible for committing or facilitating Distributed Denial of Service (DDoS) attacks.
Webstresser.org was the most popular DDoS-for-Hire service on the market, with 136,000 international users of the service until it was shut down in April 2018 by the Dutch police with assistance from Germany and the US.
DDoS is a form of cyber attack in which a target website is so overwhelmed by requests for access that it may crash.
DDoS-for-Hire services allow criminals to carry out these attacks more easily by providing access to DDoS botnets (networks of malware-infected computers).
The impact of such attacks can be crippling for an organisation, with complete disruption of service and a substantial impact on the confidentiality or integrity of personal data.
Since November last year, a number of Webstresser.org users in the UK have found themselves the subject of law enforcement activity. Officers from the NCA’s National Cyber Crime Unit, with support from Regional Organised Crime Units and Police Scotland, have executed eight warrants and seized more than 60 personal computers, tablets and mobile phones. A number of users also received ‘Cease and Desist’ notices.
A further 400 users of the service are now being targeted by the NCA and partners.
Jim Stokley, deputy director of the NCA’s National Cyber Crime Unit, said: “Cyber crime isn’t constricted by borders. The co-ordinated international response to this threat shows how law enforcement works around the globe to combat criminally orchestrated disruption impacting the public sector, commerce and the public at large. The action taken shows that, although users think that they can hide behind usernames and cryptocurrency, these don’t provide anonymity. We’ve already identified further suspects linked to the site and will continue to take action.”
Stokley concluded: “Our message is clear. This activity should serve as a warning to those considering launching DDoS attacks. The NCA and our law enforcement partners will identify you, find you and hold you liable for the damage you cause.”