DDoS attacks-for-hire site shut down
European law enforcement report that they have successfully shut down a popular attacks-for-hire website and arrested its administrators.
The website Webstresser.org was brought offline by authorities in various member states, says crime agency Europol in a statement published this week. It offered paying customers the chance to launch distributed denial of service (DDoS) attacks on a website or web user of their choice - all for 15 euros a month, less than a Spotify subscription.
The ringleaders were apprehended in the UK, Croatia, Canada on Tuesday this week, the statement revealed, as part of an investigation dubbed “Operation Power Off”. Eventually, the efforts - led by Dutch police and the UK’s National Crime Agency - saw 10 people arrested, including Webstresser’s owner, a 19-year old Croatian citizen.
“It used to be that in order to launch a DDoS attack, one had to be pretty well-versed in internet technology,” Europol’s statement read. “That is no longer the case.”
Various agencies report that the site had 136,000 registered users and was responsible for 4 million attacks in total - as of this month.
"The damage of these attacks is substantial. Victims are out of business for a period of time, and spend money on mitigation and on (other) security measures," the Dutch police said.
The taskforce have also seized Webstresser’s server stacks in the US, Germany and the Netherlands.
DDoS attacks can be used to harass a single web users by making their connection very unstable, but such techniques have been used to harm corporate targets too. One such attack in October 2016 successfully disrupted Twitter, Amazon, Spotify and Airbnb - among other sites - for the best part of a day.
So-called “attacks for hire” make DDoS attacks even easier to organise and cheaper to carry out. Security expert Gregory Webb, CEO of security firm Bromium, estimates that DDoS attacks made $13 million in revenue last year alone.