On the 24th of April 2018, the "DDoS on hire" service Webstresser.org was taken down in a joint operation known as Operation Power Off. Under the Operation Power Off, action was taken against the administrators of Webstresser.org as well as the top buyers of the services.
The operation spread out across various countries including UK, Netherlands, Italy, Spain among others. The administrators of the website were arrested in UK, Canada, Croatia, and Serbia and the infrastructure of the service was taken down in the US, Netherlands, and Germany. The top buyers of Webstresser.org were also identified in Netherlands, Australia, Canada, Hong Kong, Croatia, Spain and Italy and strict actions were taken against them. This massive operation was possible due to the efforts of the Dutch Police and the UK's national crime Agency which was well supported by Europol and various law enforcement agencies across the globe.
Webstresser.org: DDoS on Hire!
Webstresser.org was an organization that provided Distributed Denial Of Service(DDoS) services to customers at a minimal rate of 15 Euros a month. It was the largest known organization that provided such services to over 136k registered users. Its infrastructure was spread all around the world like US, Netherlands, and Germany. Webstresser.org is speculated to be responsible for over 4 million DDoS attacks that spread over various domains such as the gaming, banking as well as police department.
DDoS attacks are perpetrated with the use of botnet that can be spread all over the world. Webstresser.org had a well-structured infrastructure which is used to provide to the customers at an affordable cost. It is all that was needed to be a DDoS attacker. Customers were not required to be well-versed with the knowledge of Internet or networking. All you had to do was rent the services from Webstresser, and you were good to go. There was a whole lot of damage the customers could do with the Webstresser.org infrastructure for only 15 Euros a month. The customers could hire booters or stressers to carry out any attack. The users needed to register to their website and pay using either the cryptocurrency or an online payment wallet such as PayPal and Bitcoin. Paying via Bitcoin got the users a discount of 15 percent.
Investigation Efforts
The success of Operation Power Off can be attributed to the collaboration of International Police which was initiated by the Dutch National High Tech Crime Unit and the UK National Crime Agency. The coordination between the various investigative agencies was carried out by the Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). The headquarters for such activities was set up at Europol's headquarters in The Hague.
According to Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), "We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online. It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimising millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks."
A Big Win for Investigative Agencies
Taking down the largest organization perpetrating DDoS attacks for a total time of over 15 years with an average of about 20 minutes per target was a huge win for the department of cybercrime. It is also a warning for organizations that are in the similar business to back down from such activities.
It is also a warning for the users to avoid getting involved with such organizations as the users will be prosecuted along with the owners of such organizations. You could receive a prison sentence for providing the DDoS attack infrastructure to users as well as obtaining services from some organization.
