Recently, Europol busted the world’s largest DDoS-for-hire service, which claimed to have launched 6 million attacks. Read on to know more about the shutdown of the world’s largest DDoS service provider.
Recently, Europol officials busted WebStresser, a website-based provider of DDoS attacks where users could register and launch DDoS attacks after paying for a monthly plan, with prices starting as low as €15 ($18.25). The WebStresser website, which is said to be the largest DDoS-for-hire online service, had over 136,000 users at the time it was shut down. The service was also responsible for cyber-attacks against seven of the UK’s biggest banks in November last year, as well as government institutions and the gaming industry. Europol said it had been responsible for over 4 million DDoS attacks in recent years.
A couple of days back, European law enforcement officials were celebrating the dismantling of a website which police claim sold Distributed Denial of Service (DDoS) attacks and helped launch up to 6 million of them for as many as 136,000 registered users.
DDoS attacks typically flood web servers with traffic to take them down. So-called stressers sell those attacks as a service, offering to take down customers’ selected targets for a small fee or providing direct access to a simple DDoS tool. According to investigators working on Operation Power Off, webstresser.org appeared to be the biggest of all such services.
Operation Power Off
Operation Power Off, as the investigation was code-named, was led by Dutch police and Britain’s National Crime Agency with support from a dozen law enforcement agencies around the world, including Europol’s Cybercrime Centre. Operation Power Off is a coordinated effort by law enforcement agencies from the Netherlands, United Kingdom, Serbia, Croatia, Spain, Italy, Germany, Australia, Hong Kong, Canada and the United States of America, in cooperation with Europol.
The WebStresser website has been replaced with a page announcing that law enforcement authorities had taken the service offline. Web visitors to the WebStresser website will now see a notice stating that the site has been seized in conjunction with “Operation Power Off”, which is the name of the multi-country operation that took down the site.
The admins working for WebStresser were also arrested. Besides shutting down the WebStresser website’s server infrastructure, police authorities said they also arrested the site’s administrators, located in the UK, Croatia, Canada, and Serbia. Two days back, Europol announced that four alleged administrators of the webstresser.org service were arrested in the U.K., Canada, Croatia and Serbia, whilst the site was shut down and its infrastructure seized in Germany and the U.S. Dutch and UK police led the investigation and were responsible for tracking down administrators and their infrastructure. Police seized WebStresser’s server infrastructure located in the Netherlands, the US and Germany.
Europol added that “further measures” were taken against the website’s top users, who were responsible for launching most attacks in recent years. However, police officials have not revealed the details of the specific measures, saying only that the users were located in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.
A Google cache of the webstresser.org site reveals a boastful set of admins, but they appeared to be advertising their DDoS stresser as a testing service to see how well websites could stand up to attacks rather than anything illegal. They claimed to provide “the strongest and most reliable server stress testing” and promised “24/7 customer support spread on over three different continents.” They sold in packages, ranging from $18.99 per month for the “bronze” membership to $49.99 for the “platinum” service.
The team members all went by pseudonyms, including Admin the CEO, backend developer m1rk, head of support Mixerioza and “support agent” Tyrone. They ran a Facebook page too, where they encouraged customer engagement, recently asking for help with YouTube marketing. Whoever managed the Facebook page also reported some problems with the site on April 9. “Deutscher Commercial Internet Exchange is currently experiencing outages so we remain offline until their network is fixed,” one message read. Investigators said they didn’t believe that downtime was related to the law enforcement action, however.
Top DDoS-for-hire Service
According to a source in the DDoS mitigation industry, WebStresser was launched in 2015 as a small-time service and evolved over the years.
The DDoS-for-hire service gradually added support over the years for a plethora of DDoS attack types. Later, WebStresser also launched a mobile app from which users could launch attacks when away from their PCs. WebStresser accepted payment via PayPal and Bitcoin and aggressively promoted its service on hacking forums and social media.
In recent years, the WebStresser web-based service became extremely popular, being the first result returned on Google when searching for terms like “DDoS booter” or “DDoS stresser.”
WebStresser also had a very active Facebook page where it regularly asked users to post positive reviews of the site on YouTube, for which it would reward users with free access to the service for a month. There were 2,450 YouTube videos with WebStresser mentions at the time of writing.
The biggest DDoS incident occurred earlier this year when code repository GitHub was taken down in a 1.3Tbps attack. This record was broken days later by a 1.7Tbps assault on a US service provider, as made public by Arbor Networks.
The Bottom Line
The rise of cheap DDoS-as-a-service has lowered the barrier to entry for would-be cybercriminals and hacktivists to get into the website-blocking game, so the demise of WebStresser is sure to send a few tremors across the underworld landscape.
While authorities are touting this as a major victory, there’s good reason to be cautious. It doesn’t take much to start a new DDoS network, especially if you can wield botnets that will do the hard work in place of specialized servers. This is definitely a victory — it’s just unlikely to be a decisive one.