UK police target hundreds of DDoS attackers

The National Crime Agency (NCA) is taking action against customers of a website linked to more than four million cyber attacks across the globe.

The distributed denial of service (DDoS) attack service website, Webstresser, taken down by Dutch police and international law enforcement partners in April 2018, provided police with information about the site’s 136,000 registered users.

When it was taken down, Webstresser was the most popular DDoS-for-hire service on the market, enabling customers to target and overwhelm websites with access requests for as little as $15 by providing access to DDoS botnets controlled by the operators of the DDoS service.

Since November 2018, the NCA’s National Cyber Crime Unit (NCCU) has executed eight UK warrants and seized more than 60 personal computers, tablets and mobile phones, as well as issued several “cease and desist” notices with the support from regional organised crime units (ROCUs) and Police Scotland as part of Operation Power Off.

The operation is set to continue, with a further 400 users of the service to be targeted by the NCA and partners.

Jim Stokley, deputy director of the NCCU, said the coordinated international response to this threat shows how law enforcement works around the globe to combat criminally orchestrated disruption impacting the public sector, commerce and the public.

“The action taken shows that although users think they can hide behind usernames and cryptocurrency, these do not provide anonymity,” he said. “We have already identified further suspects linked to the site, and we will continue to take action.

“Our message is clear. This activity should serve as a warning to those considering launching DDoS attacks. The NCA and our law enforcement partners will identify you, find you and hold you liable for the damage you cause.”

Sean Newman, director of product management at DDoS protection and mitigation firm Corero, said it is encouraging to see law enforcement agencies around the globe continuing to crack down on cyber criminals. 

However, he said the relatively small number of Webstresser’s customers being tracked down by police shows how easy it is for the perpetrators to mask their true identities. 

“The ease with which any individual can use an anonymised email account for communications and make payments in cryptocurrency, ensures it is extremely hard going trying to track down the individuals concerned,” said Newman.

“Although this is positive news on the whole, organisations should not become complacent about the need for real-time DDoS protection, because Corero continues to see attacks on the increase year on year.”

DDoS attacks are often not considered to be as big a threat as other forms of cyber attack, despite the fact that businesses that rely on their websites for revenue can be impacted significantly if that website is unavailable to customers.

The impact of successful DDoS attacks globally was highlighted recently by the sentencing of 30-year-old hacker Daniel Kaye to almost three years’ imprisonment in the UK after being found guilty of carrying out DDoS attacks against Liberia’s leading mobile phone and internet company, using rented botnets and stressers before developing his own botnet. 

At their peak in November 2016, Kaye’s DDoS attacks crashed the West African country’s entire internet access, with one attack resulting in tens of millions of pounds’ worth of damage.

In the Netherlands, the police and the prosecutor’s office have developed a dedicated project, known as Hack_Right, to deal with young first-time offenders to prevent them from going on to more serious crimes. A Dutch user of Webstresser has already received this alternative sanction, according to Europol. 

The European police agency also reports that actions are under way worldwide to track down the users of DDoS attacks.

While some countries are focusing their actions against the users of Webstresser, specifically, law enforcement agencies around the world have intensified their activities against the users of DDoS booter and stresser services more generally.

To this effect, Europol said the FBI seized 15 other DDoS-for-hire websites in December 2018, including the relatively well-known Downthem and Quantum Stresser. Similarly, the Romanian police has taken measures against the administrators of two smaller-scale DDoS platforms and has seized digital evidence, including information about the users.

“Size does not matter – all levels of users are under the radar of law enforcement, be it a gamer booting the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,” said Europol in a statement.

The DDoS-for-hire trend is a pressing issue, the police agency said, mainly because of how easily accessible it has become. According to Europol, stresser and booter services have effectively lowered the entry barrier into cyber crime because, for a small fee, any low-skilled individual can launch DDoS attacks with the click of a button, knocking whole websites and networks offline by barraging them with traffic.

Europol said the damage can be considerable, crippling businesses financially and depriving people of essential services offered by banks, government institutions and police forces.

Emboldened by perceived anonymity, many young IT enthusiasts get involved in this seemingly low-level crime, unaware of the consequences that such online activities can carry, said Europol.

“Cyber crime isn’t a victimless crime and it is taken extremely seriously by law enforcement,” it added. “The side-effects a criminal investigation could have on the lives of these teenagers can be serious, going as far as a prison sentence in some countries.”

Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand, the police agency noted, adding that there are many careers and opportunities available for anyone with such skills to use them wisely.