In a large-scale joint operation called “Operation Power Off”, the Dutch Police and the United Kingdom’s National Crime Agency alongside with Europol and several other law enforcement authorities have arrested the administrators of Webstresser, a cybercrime platform providing DDoS-for-hire service while its domain Webstresser.org has been seized.
The arrested administrators were based in Canada, Croatia, Serbia, and the United Kingdom. What is astonishing about this operation is that the authorities also arrested top users of the DDoS-for-hire marketplace. These users belonged to countries like Italy, Canada, Australia, Netherlands, Croatia, Spain, Hong Kong and the United Kingdom.
Webstresser.org was known to be one of the largest platforms for cybercriminals to hire Distributed Denial of Service (DDoS) services including stressers and booters for just €15 ($18). The marketplace had more than 136 000 registered users and by April 2018, it was used for whopping 4 million attacks against gaming giants, Police, government sectors and banking and financial institutions.
See: Netgear’s New Gaming Router Offers Protection Against DDoS Attacks
Those visiting the website right now can see domain seizure notice stating that “This site has been seized. The domain name Webstresser.org has been seized by the United States Department of Defense, Defense Criminal Investigative Service, Cyber Field Office in accordance with a warrant issued by the United States District Court for the Eastern District of Virginia.”
“This domain name has been seized in conjunction with Operation Power OFF. Operation Power OFF is a coordinated effort by law enforcement agencies from The Netherlands, United Kingdom, Serbia, Croatia, Spain, Italy, Germany, Australia, Hong Kong, Canada and the United States of America, in cooperation with Europol. The operation is aimed at the takedown of the illegal DDoS-for-hire-service Webstresser.org,” said the notice.
“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kinds of malicious activities online”, said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3).
DDoS marketplace Webstresser sold over 4 million DDoS attacks that could knock internet offline for as little as EUR 15/month. Here’s how such attacks work ?#OpPowerOff #cybercrime pic.twitter.com/99cNj477I8
— Europol (@Europol) April 25, 2018
“It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimizing millions of users in a moment from anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyber attacks.”
“Stresser websites make powerful weapons in the hands of cybercriminals,” said Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT). “International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users. This joint operation is yet another successful example of the ongoing international effort against these destructive cyber attacks.”
Webstresser.org’s shut down is a massive blow to the cybercriminal community but a sigh of relief for large and small business who suffered DDoS attacks due to the “facility” the platform provided to people around the world.
Image credit: Depositphotos
