Major DDoS cyber crime website shut down

A website linked to more than four million cyber attacks across the globe, including those targeting some of the UK’s biggest banks, has been shut down, with arrests in Croatia, Serbia, Canada and Scotland.

The action follows an investigation led by the UK’s National Crime Agency (NCA) and the Dutch National Police, in collaboration with international law enforcement partners.

Authorities in the Netherlands, Serbia, Croatia and Canada, with support from Police Scotland and Europol, targeted six members of the crime group behind the Webstresser website, while Dutch police, with assistance from Germany and the US, seized servers and took down the website.

Cyber criminals across the world have used webstresser.org, which could be rented for as little as $14.99, to launch more than four million distributed denial of service (DDoS) attacks, in which high volumes of internet traffic are launched at target computers to disable them.

The DDoS service meant that individuals with little or no technical knowledge could launch crippling attacks around the world.

A recent report by University of Surrey researcher Mike McGuire highlights a “platform capitalism” approach to selling, rather than committing, crime.

He found criminal sites offering ratings, descriptions, reviews, services, and even technical and customer support. These platforms are improving the criminal “customer experience” and allowing easy access to services and products that support the commission of crime on a global scale.

As part of the Operation PowerOff activity, an address was identified and searched in Bradford, UK, and a number of items seized. NCA officers believe an individual linked to the address used the Webstresser service in November 2017 to target seven of the UK’s biggest banks, which were forced to reduce operations or shut down entire systems, incurring costs in the hundreds of thousands to get services back up and running.

Officers from the NCA’s National Cyber Crime Unit (NCCU) identified criminal infrastructure in the Netherlands as part of an ongoing campaign against “DDoS-for-hire” services, and worked closely with the Dutch National Police to identify the crime group behind the site and execute the coordinated law enforcement operation.

Stressers and booters are for-hire services that provide access to DDoS botnets or networks of malware-infected computers which are then sub-let. They are often hidden behind a veil of authenticity in that they claim to have legitimate use to test the resilience of servers, but in reality are used by cyber criminals to “stress” anyone. It is this “stress” that causes the disruption to services, the NCA said.

Jo Goodall, senior investigating officer at the NCA, said: “A significant criminal website has been shut down and the sophisticated crime group behind it stopped as a result of an international investigation involving law enforcement agencies from 11 countries.

“Cyber crime, by default, is a threat that crosses borders and our response must be one that utilises the close international law enforcement collaboration that is crucial to tackling this threat. The arrests made over the past two days show that the internet does not provide bullet-proof anonymity to offenders and we expect to identify further suspects linked to the site in the coming weeks and months as we examine the evidence we have gathered.

“Cyber offenders can act against UK targets from anywhere in the world and this means UK-based offenders can also attack targets in any country. Our success depends on law enforcement, government and industry working together to fight cyber crime.”

Goodall added: “Over the past year, we have seen how cyber attacks have real-world consequences, resulting in actual physical harm as well as causing reputational and financial damage to businesses of all sizes. The cyber threat is constantly evolving and we are improving our tactics and capabilities in response. But businesses and individuals must report cyber crime – the earlier people report, the quicker we are able to assess new methodologies and limit the damage they can have.

“The Action Fraud website is the UK’s national fraud and cyber crime reporting centre and there is also advice and guidance on how to mitigate against cyber attacks on the National Cyber Security Centre’s website.”

Gert Ras, head of the National High Tech Crime Unit at the Dutch National Police, said: “By taking down the world’s largest illegal DDoS seller in a worldwide joint law enforcement operation based on NCA intelligence, we have made an unprecedented impact on DDoS cyber crime. Not only were the administrators of this illegal service arrested, but also users will now face prosecution and civil liability for caused damage.

“This is a warning to all wannabe DDoS-ers – do not DDoS because through close law enforcement collaboration, we will identify you, bring you to court and facilitate that you will be held liable by the victims for the huge damage you cause.”

Dan Crisp, interim technology and digital policy at UK Finance, said: “Cyber crime is costing UK firms billions and has the potential to seriously disrupt our economy and wider society.

“The industry is hugely supportive of multilateral law enforcement programmes, which can effectively disrupt both cyber criminal activity and illegal operations and help protect customers from attacks.”

Emily Orton, co-founder of security firm Darktrace, said the takedown operation should be a wake-up call to organisations. “Organised cyber crime is here and it’s here to stay,” she said. “This is a mass-scale criminal ecosystem. We aren’t fighting against individual teenagers in their bedrooms, but an economic crime model that is very profitable.

“The prosecution and, hopefully, jailing of the perpetrators of this website is a very important and positive step towards deterring such organised cyber crime.

“With cyber attacks easily and inexpensively available, the barrier for entry for cyber criminals is being lowered, and no organisation is immune to cyber attack. With churches and non-profits targeted alongside global banks and operators of critical national infrastructure, it is becoming increasingly evident that a new approach to cyber security is urgently required.”