Police shut down the biggest DDoS-for-hire service (webstresser.org) and arrested its administrators

The European police have shut down webstresser.org, the world’s biggest DDoS-for-hire service, that allowed crooks to launch over 4 million attacks.

An international operation dubbed conducted by the European law enforcement agencies led by the UK’s National Crime Agency (NCA) and the Dutch Police, with the help of Europol, has taken down the world’s biggest DDoS-for-hire service.

The operation dubbed Power Off allowed to shut down the biggest DDoS-for-hire service  (webstresser.org) and arrest its administrators, according to the investigators the platform was involved in over 4 million attacks and arrested its administrators.

The police arrested 6 members of the crime group behind the ‘webstresser.org‘ website in Scotland, Croatia, Canada, and Serbia on Tuesday.

The Europol confirmed that Webstresser.org had 136,000 registered users and was used to target online services from banks, government institutions, police forces and the gaming world.

“The administrators of the DDoS marketplace webstresser.org were arrested on 24 April 2018 as a result of Operation Power Off, a complex investigation led by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world.” reads the press release published by the Europol. 

“Webstresser.org was considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services, with over 136 000 registered users and 4 million attacks measured by April 2018.”

DDoS-for-hire service allows criminals without specific technical skills to launch powerful cyber attacks by renting their service.

“Stressed websites make powerful weapons in the hands of cybercriminals,” said Jaap van Oss, Dutch chairman of the Joint Cybercrime Action Taskforce.

“International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users,”

The service was shuttered and the police seized the hacking platform, the Europol announced “further measures” were also taken against the top users in the above four countries, as well as in Italy, Australia, Hong Kong and Spain.

Registered user on Webstresser.org could access the DDoS-for-hire service an entry fee of €15 per month.

“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online”, said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3). “It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimising millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.”

Abusing legitimate booter services or using a DDoS-for-hire service is a crime, the Europol remarked that penalties can be severe.

“DDoS attacks are illegal. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities, unaware of the consequences that such crimes carry. The penalties can be severe: if you conduct a DDoS attack, or make, supply or obtain stresser or booter services, you could receive a prison sentence, a fine or both.” concluded the Europol.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – DDoS-for-hire service, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]