The National Crime Agency (NCA) and law enforcement agencies from 14 countries are tracking down users of the former WebStresser DDoS-for-hire service, with personal laptops seized and prosecutions a possibility.
Distributed denial-of-attacks (DDoS) is a form of cyberattack which attempts to deliberately disrupt online services and prevent legitimate users from being able to access websites.
These attacks are usually based on networks of enslaved devices -- made possible through compromised systems or malware infections -- and have risen in power and effectiveness over the past few years.
In 2018, GitHub was hit with a 1.3Tbps DDoS attack and this was followed by a US service provider that suffered a DDoS attack of a 1.7Tbps magnitude. The majority of DDoS attacks, however, generally reach around 1Gbps.
WebStresser was an online service which permitted anyone to launch a DDoS attack without any expertise or knowledge of botnets.
The DDoS marketplace was seized and closed in April 2018 with the help of Europol and the Dutch Police. WebStresser catered for over 136,000 registered users and is believed to be responsible for roughly four million DDoS attacks worldwide.
WebStresser could be 'hired' for as little as €15.
The NCA, Regional Organised Crime Units (ROCUs) in the United Kingdom, and Police Scotland have now turned their attention towards former customers of the DDoS-for-hire. Eight warrants have been issued and over 60 PCs, tablets, and smartphones have been seized from UK individuals believed to be former WebStresser users.
"250 users of webstresser.org and other DDoS services will soon face action for the damage they have caused," Europol says.
Cease and desist notices have also been issued and a further 400 individuals from the WebStresser user list are now being investigated.
According to Jim Stokley, Deputy Director of the NCA's National Cyber Crime Unit, the actions should be considered "a warning to those considering launching DDoS attacks." However, it is worth keeping in mind that only a small fraction of users are being investigated in comparison to the full WebStresser user list, and law enforcement would have a tough time if they attempt to track everyone down.
TechRepublic: Top 5 ways people are okay sharing data
"The numbers speak for themselves in this case," Sean Newman, Director of Product Management at Corero told ZDNet. "With those prepared to launch DDoS attacks, on just this one service, well into six figures, and only 250 currently being pursued for their crimes, it's indicative of how easy it is for the perpetrators to mask their true identities. The ease with which any individual can use an anonymized email account for communications and make payments in cryptocurrency ensures it is extremely hard-going trying to track down the individuals concerned."
In related news, Europol and the FBI recently seized the xDedic domain and accompanying servers in a raid on the marketplace known for offering access to compromised servers. Traders would usually offer access to these systems through compromised Remote Desktop Protocol (RDP) accounts.
Three individuals suspected of connections to xDedic were also arrested in Ukraine.
Law enforcement from the US, the UK, and the Netherlands also seized and closed 15 DDoS-for-hire services just before the Christmas holiday.