The RCMP was involved in action this week by several police forces that shut down what they say was the world’s biggest Distributed Denial of Service (DDoS) website.
The Mounties said they executed a search warrant in Toronto as part of the takedown Tuesday of Webstresser.org, linked to more than four million cyber attacks across the globe. One was a massive attack against seven of the U.K.’s biggest banks in November 2017. The banks were forced to reduce operations or shut down entire systems, police said, and had to pay hundreds of thousands of dollars to get services back up and running.
Europol said the six administrators of the site were located in the United Kingdom, Croatia, Canada and Serbia and that charges were laid. However, the RCMP press release made no mention of criminal charges laid here.
Europol also said unspecified “further measures” were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.
After the arrests, Dutch police, with assistance from Germany and the United States, seized servers and took down the website Tuesday morning.
This investigation was led by the Dutch National High Tech Crime Unit and the U.K.’s National Crime Agency, with the support of Europol’s Cyber Crime Centre and a dozen other police agencies.
Webstresser.org presumably got its name because it sold stressers, which were advertised as being legitimately available for developers to test the resiliency of servers. In fact, say police, the stressers and booters were for-hire services that provided access to DDoS botnets for attacks.
The site had over 136,000 registered users, police said, who often targeted banks, government institutions, police forces and victims in the gaming industry. Its popularity stemmed from the site’s ability to offer DDoS-as-a-service, with fees as low as EUR 15.00 (about CDN$23.44) a month.
“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kinds of malicious activities online,” Steven Wilson, head of the European Cybercrime Centre, said in a statement. “It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimizing millions of users in a moment from anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyber attacks.”
A DDoS attack overwhelms a target server or servers, making the target unavailable for as long as the attack lasts. The goal may be to harass the target or to divert the attention of the IT security team from an attempt to penetrate the network or install malware.
The ability of criminals to harness huge botnets composed of poorly secured devices — particularly so-called Internet of Things home devices like webcams — led Microsoft to announce this month a royalty-free secure and upgradable chip design for new IoT devices. Another vector is the use of improperly configured servers that run the open source Memcached high-performance distributed memory object caching system.