Cybercrime website behind 4 million attacks taken down
Staff Writer
A website linked to more than four million cyber attacks across the globe, including attacks targeting some of the UK’s biggest banks, has been shut down following an investigation led by the National Crime Agency (NCA) and the Dutch National Police, in collaboration with international law enforcement partners.
Authorities in five countries including the Netherlands, Serbia, Croatia and Canada, with support from Police Scotland and Europol, targeted six members of the crime group behind webstresser.org on Tuesday 24 April.
Dutch police, with assistance from Germany and the United States, then seized servers and effected a takedown of the website.
Cyber criminals across the world have used webstresser.org, which could be rented for as little as $14.99, to launch in excess of 4 million so-called distributed denial of service (DDoS) attacks, in which high volumes of internet traffic are directed at target computers to disable them.
Individuals with little or no technical knowledge could rent the webstresser service to launch crippling DDoS attacks across the world.
As part of the operational activity, an address was identified and searched in Bradford and a number of items seized.
NCA officers believe an individual linked to the address used the webstresser service to target seven of the UK’s biggest banks in attacks in November 2017.
They were forced to reduce operations or shut down entire systems, incurring costs in the hundreds of thousands to get services back up and running.
Officers from the NCA’s National Cyber Crime Unit (NCCU) identified criminal infrastructure in the Netherlands as part of an ongoing campaign against ‘DDoS-for-hire’ services, and worked closely with the Dutch National Police to identify the crime group behind the site and execute the coordinated law enforcement operation.
Stressers and booters are for-hire services that provide access to DDoS botnets – networks of malware-infected computers which are then effectively sub-let.
They are often hidden behind a veil of authenticity, claiming to have a legitimate use in testing the resilience of servers, but in reality they are used by cyber criminals to ‘stress’ anybody. It’s this ‘stress’ that causes the disruption to services.