British police are conducting a number of live operations against users of the Distributed Denial of Service (DDoS) marketplace webstresser.org, according to an Interpol statement today, with 400 UK users targeted.
The activity comes as police forces across the continent continue to mine a trove of information about the website’s 151,000 registered users, obtained when the website was brought down in an international effort last April.
webstresser.org was the world’s DDoS services marketplace, helping launch over four million attacks from just €15 per month.
Four alleged administrators of the service were arrested in Canada, Croatia, Serbia and the UK in April 2018, whilst the site was shut down and its infrastructure seized in Germany and the US in a coordinated action.
The database clearly continues to inform continent-wide warrants.
“In the United Kingdom a number of webstresser.org users have recently been visited by the police, who have seized over 60 personal electronic devices from them for analysis as part of Operation Power OFF” Interpol said.
“UK police are also conducting a number of live operations against other DDoS criminals; over 250 users of webstresser.org and other DDoS services will soon face action for the damage they have caused,” Interpol said.
The UK’s National Crime Agency (NCA), in its own statement, said officers from the NCA’s National Cyber Crime Unit, with support from Regional Organised Crime Units and Police Scotland, have executed eight warrants and seized more than 60 personal computers, tablets and mobile phones.
A further 400 users of the service are now being targeted by the NCA and partners.
Jim Stokley, Deputy Director of the NCA’s National Cyber Crime Unit, said: “Cyber-crime is not constricted by borders. The coordinated international response to this threat shows how law enforcement works around the globe to combat criminally orchestrated disruption impacting the public sector, commerce and the public.”
“The action taken shows that although users think that they can hide behind usernames and crypto currency, these do not provide anonymity. We have already identified further suspects linked to the site, and we will continue to take action.
“Our message is clear. This activity should serve as a warning to those considering launching DDoS attacks. The NCA and our law enforcement partners will identify you, find you and hold you liable for the damage you cause.”
DDoS Attacks Still Common
Darren Anstee, CTO for Security, NETSCOUT, told Computer Business Review in an emailed statement: “Stressor and booter services make it all too easy for anyone to launch disruptive DDoS attacks, there is no barrier to entry, and they have been a factor in the growth of DDoS as a mainstream problem.”
He added: “This collaborative effort to trace webstresser users shows that those using these services can no longer rely on retaining their anonymity. This is exactly the kind of action that is needed, as it will dissuade others from simply ‘clicking the button’ to launch an attack – with no consideration of the consequence of that attack. It should be noted however that this will only dissuade some from using these kinds of services, criminal behaviour will persist, and DDoS attacks will continue.”
“The best-practice defence against DDoS is a layered solution compromising of both a cloud and ISP-based DDoS protection service, which has the capability to stop high-magnitude attacks. That combination will allow organisations to deal proactively with even the most stealthy and sophisticated attacks. DDoS is a well-understood threat, yet we still see large brands facing.”
DDoS attacks flood online infrastructure with malicious traffic designed to deny a user access to a network resource or service.