According to a Europol press release, a joint operation between “Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world” has shut down a major DDoS marketplace. The website was webstresser.org and had roughly 136,000 clients around the world, including in The Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada, and Hong Kong.
In addition to pursuing legal action against the users of webstresser.org, the administrators of the website have been arrested in their respective nations of origin (United Kingdom, Croatia, Canada, and Serbia). The operation is a huge blow to the DDoS as a Service industry, although this is just one of many websites that offer such services to would-be cybercriminals.
Part of webstresser.org’s popularity stemmed from its ease of use and the fairly reasonable pricing with the cheapest services being EUR 15.00 a month. The amount of DDoS attacks that resulted from webstresser.org is rather staggering. According to Europol, there were at least 4 million DDoS attacks against targets such as “critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.”
DDoS as a Service has been a growing trend for quite some time. The allure of bringing down a website despite having little technical know-how is clearly too difficult for some to pass up. Steven Wilson, head of Europol’s European Cybercrime Centre (EC3) had this to say on the matter:
We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced ones — to conduct DDoS attacks and other kinds of malicious activities online... It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimizing millions of users in a moment from anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.
This particular website is dead and its admins are facing prison, but the work is far from over when it comes to shutting down those that offer DDoS attacks for a fee.
Photo credit: Wikimedia