Police forces across the UK are carrying out a nationwide crackdown on hundreds of UK-based hackers who purchased hacking tools from Dark Web marketplace Webstresser to carry out hundreds of thousands of DDoS attacks on websites.
In April last year, Europol, the Dutch Police and the UK’s National Crime Agency along with a dozen law enforcement agencies from around the world succeeded in taking down Webstresser.org, the world’s biggest Dark Web marketplace that offered Distributed Denial of Service (DDoS) services for hire.
Before it was taken down, Webstresser was considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services and had over 136,000 registered users and 4 million attacks measured by April 2018 and DDoS tools available at the marketplace were used to target critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.
Sophisticated DDoS tools were available on Webstresser for hire for as low as EUR 15.00 a month, thereby ensuring that cyber criminals who didn't have enough funds to launch attacks on their own could also rent malicious stressers and booters to fulfill their motives.
Over 400 Webstresser users in the UK to face action
According to the National Crime Agency, even though Webstresser ceased to function in April last year, UK police forces are still trying to trace and apprehend home-based hackers who purchased hacking tools from the Dark Web marketplace to launch DDoS attacks on hundreds of websites owned by UK organisations.
"Since November 2018, a number of Webstresser.org users in the UK have found themselves the subject of law enforcement activity. Officers from the NCA’s National Cyber Crime Unit, with support from Regional Organised Crime Units (ROCUs) and Police Scotland, have executed eight warrants and seized more than 60 personal computers, tablets and mobile phones. A number of users also received ‘cease and desist’ notices. A further 400 users of the service are now being targeted by the NCA and partners," it said.
"The action taken shows that although users think that they can hide behind usernames and crypto currency, these do not provide anonymity. We have already identified further suspects linked to the site, and we will continue to take action.
"Our message is clear. This activity should serve as a warning to those considering launching DDoS attacks. The NCA and our law enforcement partners will identify you, find you and hold you liable for the damage you cause," said Jim Stokley, Deputy Director of the NCA’s National Cyber Crime Unit.
Concerted global action against DDoS hackers
According to Europol, while law enforcement authorities in the UK are doing commendable work in going after over 250 users of Webstresser and other DDoS services, authorities the Netherlands, Belgium, Croatia, Denmark, Estonia, France, Germany, Greece, Hungary, Ireland, Lithuania, Portugal, Romania, Slovenia, Sweden, Australia, Colombia, Serbia, Switzerland, Norway and the United States have also joined the fight against DDoS attacks.
"While some are focusing their actions against the users of webstresser.org specifically, law enforcement agencies around the world have intensified their activities against the users of DDoS booter and stresser services more generally. To this effect, the FBI seized last December 15 other DDoS-for-hire websites, including the relatively well known Downthem and Quantum Stresser.
"Similarly, the Romanian police has taken measures against the administrators of 2 smaller-scale DDoS platforms and has seized digital evidence, including information about the users. Size does not matter – all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain," it added.
"Stressor and booter services make it all too easy for anyone to launch disruptive DDoS attacks, there is no barrier to entry, and they have been a factor in the growth of DDoS as a mainstream problem. This collaborative effort to trace webstresser users shows that those using these services can no longer rely on retaining their anonymity," said Darren Anstee, CTO for Security at NETSCOUT.
"This is exactly the kind of action that is needed, as it will dissuade others from simply ‘clicking the button’ to launch an attack – with no consideration of the consequence of that attack. It should be noted however that this will only dissuade some from using these kinds of services, criminal behaviour will persist, and DDoS attacks will continue. Every organisation needs to take responsibility for ensuring the availability of their online services is adequately protected.
"The best-practice defence against DDoS is a layered solution compromising of both a cloud and ISP-based DDoS protection service, which has the capability to stop high-magnitude attacks. That combination will allow organisations to deal proactively with even the most stealthy and sophisticated attacks.
" DDoS is a well-understood threat, yet we still see large brands facing disruption from DDoS attacks. Large-scale efforts by the authorities will help in the long-term, but businesses must also protect themselves through putting the right technology, processes and people in place," he added.