One of the largest distributed denial of service (DDoS) marketplaces has been shut down by European law enforcement.
Webstresser.org, closed by Europol on Wednesday, boasted more than 100,000 users. It offered an array of services that allowed customers to wage attacks on specific targets that crippled internet infrastructure.
DDoS attacks work by forcing a flood of artificial internet traffic to a website until the traffic overloads a target and causes it to crash. The traffic often comes from large networks of computer systems that were compromised prior to the attack.
“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online,” Steven Wilson, head of Europol’s European Cybercrime Centre (EC3), said in a statement. “It’s a growing problem, and one we take very seriously.”
The shutdown is important because, according to Europol, Webstresser.org helped launch upwards of 4 million DDoS attacks since its inception. Targets of the hacking service have included government institutions, police forces, banks and video game companies.
For about $20 per month, nearly anyone could have used webstresser to launch a DDoS attack. The tool required no technical experience or knowledge to operate and depending on the user’s exact membership plan, they could have access to a customer service channel.
Four alleged administrators of webstresser were arrested earlier this week. Each is believed to have raked in hundreds of thousands of dollars from their scheme.
“International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users,” Jaap van Oss, Dutch chairman of the Joint Cybercrime Action Taskforce, said in a statement. “This joint operation is yet another successful example of the ongoing international effort against these destructive cyberattacks.”
The suspects were located around the globe, in the U.K., Canada, Croatia and Serbia. Servers that supported the website’s functions were seized in Germany and the U.S. The international nature of the case required the cooperation of various domestic law enforcement agencies.
For example, the investigation was led by the Dutch National High Tech Crime Unit in partnership with the UK National Crime Agency.
Europol coordinated the cybercrime fighting effort, which originally began in October 2017.