Authorities Shut Down One Of The World's Largest DDoS-For-Hire Services

25/04/2018

The Dutch National High Tech Crime Unit and the UK’s National Crime Agency, supported by Europol, the FBI and a dozen other law enforcement agencies around the world, have taken down one of the world's largest DDoS-for-hire services and seized all of its infrastructure.

The joint operation is called Operation Power OFF, and it took down a service called WebStresser, which provided cheap DDoS attacks, lowering the barrier to entry for cybercriminals and hacktivists.

WebStresser website screenshot

WebStresser, with servers in Germany, the Netherlands and the U.S., was one of many so-called “booter” or “stresser” services, which act as virtual hired muscle for anyone who wants to knock a website or internet user offline. It sold hacking tools and malware, as well as services and expertise.

WebStresser was one of the largest services that made cybercrime as easy as online shopping.

According to Europol, it had more than 136,000 registered users, who carried out a combined 4 million attacks as of April 2018.

The administrators were located in Canada, Croatia, Serbia and the UK. Initially, two men from Serbia were arrested in conjunction with the takedown.

According to Europol, further measures were taken against the top users, who came from Australia, Canada, Croatia, Hong Kong, Italy, the Netherlands, Spain and the UK.

WebStresser takedown screenshot

"It used to be that in order to launch a DDoS attack, one had to be pretty well-versed in internet technology. That is no longer the case," said Europol. "With WebStresser[.]org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies, to rent out the use of stressers and booters. Fees on offer were as low as €15.00 a month, thus allowing individuals with little to no technical knowledge to launch crippling DDoS attacks."

"The damage of these attacks is substantial," stated Dutch National Police in a Reddit thread about the takedown. "Victims are out of business for a period of time, and spend money on mitigation and on (other) security measures."

The takedown also caused some booter businesses that were reselling WebStresser’s service to stop functioning. They include: PowerBoot, Defcon, Ampnode, RipStresser, FruitStresser, Topbooter, FreeBooter and Rackstress.

However, it's also reported that there are likely to be many other websites, or platforms soon to launch, that do the same thing.

This was also made clear by a marketplace for booter buyers and sellers, which said that there are dozens of other booter services in operation, with new ones coming online almost every month.

They are difficult to track because they disguise themselves as legitimate companies offering a useful service. Hiding behind their Terms of Service, they're also difficult to disrupt, as many of them bill themselves as “testing” services that gauge a website’s resiliency to DDoS attacks, while in fact they sell DDoS services.

The operation has been received negatively by many in the hacker community. They criticized the authorities for targeting booter service administrators and users and for not pursuing what they perceive as more serious cybercriminals, noting that the majority of both groups are young people under the age of 21.