Dozens of Teens Arrested Over DDoS Attacks
Europol on Monday announced that 34 arrests were made as part of an operation targeting users of Distributed Denial of Service (DDoS) cyber-attack tools.
The operation was conducted between December 5 and 9, 2016, and received cooperation from law enforcement agencies all around the world, including Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States. In addition to the 34 arrests, 101 suspects were interviewed and cautioned, Europol says.
The agency believes that the arrested individuals were paying for stressers and booters services to maliciously deploy software to launch DDoS attacks. The attacks flooded web servers with massive amounts of data, thus rendering them inaccessible to users.
According to Europol, the tools used in these attacks are part of the criminal ‘DDoS for hire’ facilities that hackers can pay to use and which can be aimed at whichever target these hackers choose. However, none of the tools used by the suspects was named in Europol’s announcement.
In September this year, an investigation conducted by the U.S. Federal Bureau of Investigation (FBI) led to the arrest of two individuals believed to be operating a DDoS for hire service. Last year, the U.K. National Crime Agency (NCA) arrested six males aged between 15 and 18, suspected of using the DDoS tool called LizardStresser, which was used to disrupt gaming platforms earlier this year.
The LizardStresser botnet is fueled by Internet of Things devices, and security researchers recently discovered other powerful DDoS tools that use the power of these connected devices, with the Mirai botnet being the most popular of them at the moment.
The available DDoS-for-hire services, the same as the Ransomware-as-a-Service (RaaS) business model, attract many young and adult cybercriminals who lack advanced computer skills but are looking for fast and easy money.
According to Europol, the recent operation was meant to raise awareness in all participating countries of the risk of young adults getting involved in cybercrime. While many of these teenagers get involved for fun, their skill sets (regardless of whether they are in coding, gaming, computer programming, cyber security or anything else that is IT-related) could be put to a positive use. What’s more, most of them aren’t fully aware of the consequences of their actions, or of the severe penalties they could face, and the negative impact these would have on their future.
“Today’s generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities from a young age, unaware of the consequences that such crimes carry. One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose,” Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), commented.
Helped by EC3, the participating countries were able to identify users of DDoS tools either in the EU or in other regions, and the suspects proved to be mainly young adults under the age of 20. The participating countries worked together in the framework of the EMPACT (European Multidisciplinary Platform against Criminal Threats) project, and actions were taken based on national legislation: some suspects were interviewed, others were detained and arrested, while some were fined. Moreover, notifications were sent to parents and house searches were conducted, among others.
“Bitdefender supports Europol’s campaign in combating teenager involvement in cybercriminal activities, especially since most do it without realizing the full extent of their consequences and harsh punishments. While most teenagers and young adults engage in such activities either for fun or curiosity, their skills and knowledge could be put to better use, for nobler purposes. Instead of developing cybercrime tools, misguided teens still have the chance to change their future and avoid a life of cybercrime,” Liviu Arsene, Senior E-threat Analyst at Bitdefender, told SecurityWeek.
Europol’s operation is the latest in a series aimed at individuals who are using cyber-crime tools, as it previously attempted to tackle users of remote access Trojans (RATs), as part of the BlackShades RAT campaign in 2014 and the Falling sTAR operation last year. Most recently, Europol targeted a large malware delivery platform known as “Avalanche.”
“While we hope that such takedown campaigns performed by Europol and its partners, such as the Avalanche operation, will cripple or dismantle cybercriminal rings, it’s unfortunate that skilled teens are either part of coordinated DDoS attacks or are responsible for other cybercriminal activities,” Arsene concluded.
Source | securityweek