‘Webstresser’ DDoS Attack Site Shut Down in International Operation
The world’s largest online marketplace for selling and lauching distributed denial-of-service (DDoS) attacks was shut down this week as part of Operation Power Off, an international investigation into the so-called Webstresser.org site. The effort was led by the UK National Crime Agency (NCA) and Dutch National Police, with support from Europol and a dozen global law enforcement agencies, Europol reports.
Webstresser had more than 136,000 registered users, and threat actors have reportedly used it to launch at least four million cyberattacks, targeting government agencies, banks, police organizations, and victims in the gaming sector by flooding their servers with traffic, according to Europol.
The site simplified the process of launching DDoS attacks, once a threat mostly accessible to tech-savvy cybercriminals. Anybody, regardless of their technical skill level, could use Webstresser’s online payment system or cryptocurrency to rent out stressers or booters, which were available for as little as 15 EUR/month and could be used for destructive DDoS attacks.
Stressers and booters are for-hire services that grant access to DDoS botnets. Most aim to make money under the pretense of offering a legitimate, useful service to test servers’ resiliency. In reality, they usually don’t require proof of identity from the individual launching the attack, nor do they ask whether the attacker is associated with the organization being targeted.
“As this event illustrates, it remains ridiculously cheap to rent a devastating DDoS attack from these so-called DDoS ‘stressers’ or on the Dark Web,” says Andrew Lloyd, president of Corero Network Security. “In many territories, it also remains a criminal offence.”
Authorities in five countries, including Canada, Croatia, Serbia, and the Netherlands, along with support from Europol and Police Scotland, arrested six suspected members of the group behind Webstresser on April 24. Dutch Police, with support from Germany and the US, seized servers and started the takedown of the site on the morning of April 25.
Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) provided support for the investigation by enabling an information exchange among all participating organizations. On the day of the takedown, a command and coordination post was set up at Europol HQ. Europol reports measures were also taken against Webstresser’s top users in the Netherlands, Italy, Spain, Croatia, the UK, Australia, Canada, and Hong Kong.
NCA officials believe an attacker linked to an address in Bradford, UK, used Webstresser to target seven of the UK’s largest banks in November 2017. The banks were forced to scale back their operations and, in some cases, shut down entire systems, costing hundreds of thousands of pounds in recovery. The address was identified and searched as part of this effort.
Source | darkreading