The world’s biggest DDoS-for-hire service, Webstresser.org, is now down thanks to a coordinated international operation. The DDoS provider was shut down on Wednesday after a thorough investigation carried out by UK’s National Crime Agency and the Dutch National Police and the Dutch National Police.
According to Europol statistics, Webstresser.org’s servers were seized at 11.30 am in the Netherlands, the US and Germany. Thus, the 136,000 registered users lost access to the service which enabled operations for people with close-to-none technical knowledge or experience. The price for the service was quite affordable – just $14.99 per attack.
The administrators were located in the United Kingdom, Croatia, Canada and Serbia, Europol said, adding that:
Further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong. The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany.
Why Are DDoS-for-Hire Services So Dangerous?
DDoS attacks used to require technical skills but with such services at hand that is no longer the case. Thanks to these services, unprofessional attackers can remotely control connected devices to direct a large amount of traffic at a website or platform they want to target.
“Whether this traffic eats up the website’s bandwidth, overwhelms the server, or consumes other essential resources, the end result of an unmitigated DDoS attack is the same: the victim website is either slowed down past the point of usability, or it’s knocked completely offline, depriving users from essential online services,” Europol explains.
Seven of the UK’s biggest banks apparently were targeted in attacks in November 2017. These banks were forced to reduce operations or shut down entire systems, which led to financial losses in the hundreds of thousands to get services back up and running, as explained by the NCA.
Other targets were government institutions, police forces and the gaming industry.
As explained by Jo Goodall, the lead investigator in the operation for the NCA:
Cyber-crime by default is a threat that crosses borders. The arrests made over the past two days show that the internet does not provide bulletproof anonymity to offenders and we expect to identify further suspects linked to the site in the coming weeks and months.
“By taking down world’s largest illegal DDoS seller in a worldwide joint law enforcement operation based on NCA intelligence, we have made an unprecedented impact on DDoS cybercrime”, said Gert Ras, head of the National High Tech Crime Unit at the Dutch National Police