Cops yesterday cuffed IT admins behind the "world’s biggest DDoS marketplace", webstresser.org, Europol confirmed today.
Europol said Webstresser.org had 136,000 registered users and four million attacks measured by April 2018, targeting online services from banks, government institutions, police forces and the gaming world.
Operation Power Off, as the investigation was code-named, was led by Dutch police and Britain’s National Crime Agency with support from a dozen law enforcement agencies around the world, including Europol’s Cybercrime Centre.
"Stressed websites make powerful weapons in the hands of cybercriminals," said Jaap van Oss, Dutch chairman of the Joint Cybercrime Action Taskforce.
"International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users," he added.
The administrators were based in multiple locations including the UK, Croatia, Canada and Serbia. The service was shuttered yesterday and the infrastructure seized.
Unspecified "further measures" were also taken against the top users in the above four countries, as well as in Italy, Australia, Hong Kong and Spain.
Any registered user on Webstresser.org could cough a nominal fee, some as low as €15 per month – paid for with cryptocurrencies or online payments services – to rent the use of stressors and booters.
This meant those with without deep tech skills could simply hire a DDoS attack, said Steve Wilson, head of Europol's Cybercrime Centre.
"We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online."
The biggest DDoS incident occurred earlier this year when code repository GitHub was take down in a 1.3Tbps attack. This record was broken days later by a 1.7Tbps assault on a US service provider, as made public by Arbor Networks. ®