It appears that there is at least one point for the “good guys” when it comes to battling those that launch the dreaded DDoS attacks. A targeted action called “Operation Power Off” was coordinated between U.K., U.S. and Netherlands authorities in which they took down the organisation known as “WebStresser.org (formerly Webstresser.co).” This company had over 136,000 registered users and over the last three years was responsible for launching four to six million attacks.
What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.
The good news is that, according to a DDoS mitigation firm, Link11, there has been a reduction in DDoS attacks across Europe by 60%. This validates the claim that WebStresser was the largest DDoS-for-hire portal. In some cases, other organisations were acting as resellers of the service, so when WebStresser went down, so did they.
Webstresser is just one of the many “stresser” or “booter” services involved in DDoS, who can be hired to knock down almost any internet user or website anywhere in the world. The National Crime Agency in the U.K. indicated that WebStresser didn’t require very much technical knowledge to launch and could be rented for as little as $14.99.
DDoS attacks specialise in inundating or flooding the targeted website or user to such a degree that it overwhelms the servers, literally taking them down. A Dutch National Police statement in Reddit indicated: “The damage of these attacks is substantial. Victims are out of business for a period of time, and spend money on mitigation and on (other) security measures.” Europol (the European Union law enforcement agency) released a different statement stating: “further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.” Europol also reported that the WebStresser servers were located in the United States, the Netherlands and Germany.
The lead case coordinator of Europol indicated that when it comes to DDoS, Americans seem to be a majority of both the customers and the targets. The targets can include government institutions, banks, schools, the gaming industry and police forces. While the administrators might be more experienced in these types of attacks, a majority of those involved in creating the products are individuals under the age of 21 and often have fake Facebook pages that allow them to boast about their cybercriminal achievements. The Europol investigator said that “the service was professional, the most professional I’ve seen.” He indicated that the service controllers used amplification techniques for the attacks.
The takedown of the WebStresser organisation enabled the investigators to glean some rather interesting information. Europol shared some of the data, indicating that the longest duration of a single attack was around ten hours, however, the average duration for a single target was twenty minutes. The cybercriminal administrators made hundreds of thousands of dollars as they accepted payments from their “customers” via PayPal and Bitcoin, with Bitcoin payments being offered a 15% discount.
“Da Vinci Forensics knows that even when a large cybercriminal organisation has been taken down, there are hundreds, if not thousands of criminals that will step up to try to take their place. We specialise in keeping up on the latest news so that we can warn, educate and protect both the companies that we work with and their staff. We emphasise the serious condition of cybercrime and try to ensure that individual and proprietary data is protected.”
Da Vinci Forensics
https://www.bleepingcomputer.com/news/security/ddos-attacks-go-down-60-percent-across-europe-following-webstressers-takedown . https://www.forbes.com/sites/thomasbrewster/2018/04/25/massive-ddos-attack-service-webstresser-org-taken-down/#42139e592e3c https://krebsonsecurity.com/2018/04/ddos-for-hire-service-webstresser-dismantled/