Dutch Police & NCA lead takedown of world's largest DDoS marketplace
Dutch Police & NCA lead takedown of world's largest DDoS marketplace

Operation Power Off, led by the Dutch Police and the UK's National Crime Agency, supported by Europol and a dozen other law enforcement agencies led to arrests yesterday (24 April) of the administrators of DDoS marketplace webstresser.org, including people in the UK, Croatia, Canada and Serbia.


Top users of the marketplace in the Netherlands, Italy, Spain, Croatia, the UK, Australia, Canada and Hong Kong were also hit and the service shut down with infrastructure seized in the Netherlands, the US and Germany.


In a press release Europol describes Webstresser.org as the world's biggest marketplace to hire Distributed Denial of Service (DDoS) services, with more than 136 000 registered users and four  million attacks reported by April 2018. Victims include critical online services at banks, government institutions and police forces, as well as victims in the gaming industry.


Attackers used the service to remotely control connected devices that would direct vast volumes of traffic at a target website or an online platform, making their service unsuably slow, or knocking it completely offline.  Fees were reported to be as low as EUR 15.00 a month, allowing individuals with little to no technical knowledge to launch crippling DDoS attacks.


The investigation initiated by the Dutch National High Tech Crime Unit and the UK National Crime Agency; Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) supported the investigation, facilitating the exchange of information between all partners.


"We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online", said Steven Wilson, Head of Europol's European Cybercrime Centre (EC3). "Criminals are very good at collaborating, victimising millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks."


"Stresser websites make powerful weapons in the hands of cybercriminals" said Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT). "International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users."


In an email to SC Media UK, Gregory Webb, CEO, Bromium commented: “The platform criminality model is productising malware and making cyber-crime as easy as shopping online. Not only is it easy to access cyber-criminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks. We can't solve this problem using old thinking or outmoded technology. By focusing on new methods of cyber-security that protect rather than detect, we believe we can make cyber-crime a lot harder.”


Bromium recently produced a report,  Into the Web of Profit*, which detailed the extent of such crime including:

  • Crimeware-as-a-service earns cybercriminals £1.15 billion per year

  • DDoS attack hire generates £9.3 million of revenue per year

  • The average DDos attack costs around £150 per day, with some rising to as much as £750 per day

  • There are an average of 6.5 milion  DDoS attacks per year


*Web of Profit is an academic study carried out by Dr Mike McGuire, senior lecturer in criminality at Surrey University available  here.