‘Operation Power Off’, law enforcement efforts in the U.S., U.K., the Netherlands and elsewhere, have taken down the DDoS-for-hire webstresser.org (previously webstresser.co) website. At its takedown, there were apparently 136,000 registered users who had launched between 4-6 million DDoS attacks worldwide over the past three years. According to Brian Krebs, it was “one of the most active services for launching point-and-click distributed denial-of-service attacks”. Fees for rentig a DDoS attack were as low as $14.99, allowing individuals with little or no technical knowledge to launch crippling DDoS attacks worldwide.
Four alleged administrators were arrested in the U.K., Canada, Croatia and Serbia and police in the Netherlands, Germany and the U.S. seized the website’s infrastructure. KrebsonSecurity said it had obtained information that the primary administrator of Webstresser allegedly was a 19-year-old from Prokuplje, Serbia named Jovan Mirkovic. He went by the hacker nickname “m1rk” and “Mirkovik Babs” on Facebook where for years, he openly discussed his role in programming and eventually running WebStresser.
Police have apparently also been paying house visits to site users, warning them about continued use of booter or stresser services such as webstresser.org. Furthermore, arrests of users have taken place in Hong Kong and the Netherlands.
“The message here is that people who use these services will not stay anonymous,” Gert Ras, head of the Netherlands National High Tech Crime Unit told Forbes. “We will bring them to court.”
In Europol’s announcement, they said webstresser.org was “considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services”. Attacks targeted banks, the gaming industry, the government and police. The main targets and customers were American, according to Europol’s lead case coordinator, speaking to Forbes. “It’s become one of the most important [DDoS stressers] on the market,” he said.
The website feigned legitimacy by advertising its services as a testing service to see how websites stood up to attacks and/or spikes in traffic. They said they provided “the strongest and most reliable server stress testing” and offered “24/7 customer support spread on over three different continents.”
According to Krebs, “Multiple sources are now pointing to other booter businesses that were reselling WebStresser’s service but which are no longer functional as a result of the takedown”. These include powerboot[dot]net, defcon[dot]pro, ampnode[dot]com, ripstresser[dot]com, fruitstresser[dot]com, topbooter[dot]com, freebooter[dot]co and rackstress[dot]pw.
Other ‘stresser’ services have also been taken down recently, including vDOS that launched over two million DDoS attacks over four years. The site was shut down and its alleged owners were arrested in Israel last August.
Krebs said the recent action against WebStresser is “the latest such takedown to target both owners and customers of booter services”. He added, “Many booter service operators apparently believe (or at least hide behind) a wordy ‘terms of service’ agreement that all customers must acknowledge, under the assumption that somehow this absolves them of any sort of liability for how their customers use the service — regardles of how much hand-holding and technical support booter service administrators offer customers.”
“Stresser websites make powerful weapons in the hands of cybercriminals” said Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT). “International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users. This joint operation is yet another successful example of the ongoing international effort against these destructive cyberattacks.”