Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Authorities Take Down Largest DDoS Services Marketplace

The

The world’s largest marketplace for selling Distributed Denial of Service (DDoS) attacks, was taken down this week following a complex joint operation, authorities announced.

The site, Webstresser.org, offered DDoS for hire services for as little as $14.99 per month, and had over 136,000 egistered users and 4 million attacks measured as of April 2018. The service was available to any wannabe criminal, and didn’t require technical knowledge to launch crippling DDoS attacks across the world.

Critical online services of banks, government institutions, and police forces, as well as gaming organizations fell victim to attacks, Europol said.

Such for-hire services rely on botnets – networks of malware-infected systems under the attacker’s control – to launch high volumes of Internet traffic at the target machines to paralyze them. By depleting the resources of a targeted server, they can either slow it down or completely knock it offline.

Published earlier this year, Arbor Networks’ 13th Annual Worldwide Infrastructure Security Report (WISR) revealed that over half of enterprise, government and education (EGE) organizations faced a crippling DDoS attack in 2017. The security firm observed 7.5 million assaults last year.

On April 24, as part of an investigation called Operation Power Off, the Dutch Police and the UK’s National Crime Agency, with support from Europol and law enforcement agencies worldwide, targeted six administrators of Webstresser.org in the United Kingdom, Croatia, Canada and Serbia.

Today, the Dutch police, with assistance from Germany and the United States, seized infrastructure and effectively took down the webstresser.org website.

Furthermore, the authorities took measures against the top users of the marketplace, in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.

Advertisement. Scroll to continue reading.

In the UK, NCA officers searched an address in Bradford, supposedly linked to an individual who used the DDoS service to target seven of the UK’s biggest banks in attacks in November 2017, forcing them to shut down entire systems.

“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online. It’s a growing problem, and one we take very seriously,” Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), said.

DDoS attacks are illegal, Europol underlines. Anyone who gets involved could face severe penalties: conducting a DDoS attack or creating (supplying or obtaining) stresser or booter services could result in a prison sentence, a fine or both.

“Stresser websites make powerful weapons in the hands of cybercriminals. International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users,” Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT), said.

According to Europol, many IT enthusiasts become involved in low-level fringe cybercrime activities, unaware of consequences. IT-related skills – either coding, gaming, computer programming, or cyber security – are in high demand and could be put to a positive use instead.

Related: Largest Ever 1.3Tbps DDoS Attack Includes Embedded Ransom Demands 

Related: You Can DDoS an Organization for Just $10 per Hour: Cybercrime Report

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.