Operation Power Off ends website’s crime sales

A website believed to have been selling custom Distributed Denial of Service (DDoS) attacks to thousands of users has been shut down, Europol announced today.

Bespoke tools for malicious online activity were reportedly being sold for as low as €15 per month, allowing for four million attacks on banks, government, law enforcement, and the gaming industry, from October 2017 to April of this year.

Webstresser.org, the site in question, was the world’s largest marketplace for DDoS attacks, according to Europol.

Following payment, buyers could direct huge amounts of online traffic to a target website, overloading an organization’s servers to prevent access.

A joint investigation by the Dutch National High Tech Crime Unit and the National Crime Agency – with assistance from Europol – saw the arrests of Webstresser administrators, who were located in Croatia, Serbia, Canada, and the UK.

The site’s infrastructure in the Netherlands, US, and Germany was also seized, with further action being taken against its top buyers, Europol said.

Steven Wilson, head of Europol’s European Cybercrime Centre, added: “We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online."

"It’s a growing problem, and one we take very seriously.”

Most notably, however, was the ease in which Webstresser’s services could be bought online and accessed through the clear web.

Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce, said: “Stresser websites make powerful weapons in the hands of cybercriminals.

“International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users.

“This joint operation is yet another successful example of the ongoing international effort against these destructive cyberattacks.”