Global cops power down world's 'most prolific' DDoS dealership
One arrest was made weeks ago but no word on the suspect's identity yet
A DDoS-for-hire site described by the UK's National Crime Agency (NCA) as the world's most prolific operator in the field is out of action following a law enforcement sting dubbed Operation Power Off.
The NCA, together with the Police Service of Northern Ireland (PSNI) and FBI, today announced the closure of digitalstress.su – a platform responsible for tens of thousands of DDoS attacks every week – and the arrest of its suspected admin.
The arrest was made on July 2 but authorities haven't named the suspect. DDoS-for-hire platforms, aka booters, allow budding cybercriminals to take their first step toward the dark side with what is essentially a point-and-click tool to flood a domain of choice.
"This is an old Soviet Union domain which many criminal services use in the belief that it presents a barrier for law enforcement agencies to carry out effective investigations," the NCA said.
"The NCA's activity however has shown that such domains are vulnerable and can be exploited to stop criminal activity and identify those responsible."
As is the fashion nowadays, the takedown came with the tomfoolery and white hat trolling we've come to expect from police in dealing with cybercrime operations.
There was the typical splash page that shows any visitors to the site that it has been taken over by the cops. Members of the platform's messaging services were also contacted, as happened with LockBit's affiliates when the gang was taken down in February.
"On 2 July, a joint operation by the NCA, PSNI, and FBI led to the arrest of a suspected controller of DigitalStress and we have now taken down www.digitalstress.su," said one message sent to the booter's regulars.
"We are watching you. Is it worth it?"
The whole "we are watching you" schtick has become a theme of these takedowns and featured heavily throughout Operation Endgame's week-long broadcast of videos following the disruption of various malware droppers.
All the members of the communications channels that are now under control of the authorities can expect any available data on them to be analyzed, which may lead to further investigations.
"Booter services are an attractive entry-level cyber crime, allowing individuals with little technical ability to commit cyber offenses with ease," said Paul Foster, head of the NCA's National Cyber Crime Unit.
"Anyone using these services while our mirror site was in place has now made themselves known to law enforcement agencies around the world. Although traditional site takedowns and arrests are key elements of law enforcement's response to this threat, we are at the forefront of developing innovative tools and techniques which can be used as part of a sustained program of activity to disrupt and undermine cybercriminal services and protect people in the UK.
"Our operations continue to demonstrate that criminals online can have no assurance of anonymity or impunity."
The takedown and arrest have come hot on the heels of similar activity in Spain, where the Guardia Civil arrested three individuals believed to be part of the hacktivist group NoName057(16).
The two operations aren't thought to be connected, but the latter saw three pro-Russia DDoSsers handcuffed in Huelva, Manacor, and Seville. They're accused of playing key roles in DDoS attacks against the public sector in Spain and other NATO countries.
Spanish police said the NoName057(16) members were also involved in running the DDoSia platform – one designed around the same time the group formed in 2022 amid the Russo-Ukrainian war. It allows supporters of the Russian cause to cobble their bandwidth together and launch attacks on pro-Ukraine entities.
Such attacks have been common among hacktivists on both sides of the war since it broke out. ®