Krebs On Security reports:
Authorities in the U.S., U.K. and the Netherlands on Tuesday took down popular online attack-for-hire service WebStresser.org and arrested its alleged administrators. Investigators say that prior to the takedown, the service had more than 136,000 registered users and was responsible for launching somewhere between four and six million attacks over the past three years.
The action, dubbed “Operation Power Off,” targeted WebStresser.org (previously Webstresser.co), one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks. WebStresser was one of many so-called “booter” or “stresser” services — virtual hired muscle that anyone can rent to knock nearly any website or Internet user offline.
Europol said Webstresser.org carried out distributed denial-of-service attacks for a price, sometimes as cheap as $18.26 US. The page had more than 136,000 users and carried out 4 million attacks by April, according to Europol, the European Union Agency for Law Enforcement Cooperation.
DDoS attacks are capable of taking out websites and servers by flooding an address with so many requests that it’s forced offline. In 2016, the Dyn attack managed to temporarily shut down major websites like Twitter, Spotify and Reddit.
Hackers need access to a massive amount of devices to carry out these attacks — usually with hijacked internet of things (IoT) gadgets — but websites like Webstresser.org could offer that service to anyone willing to pay.
Balkan Insight reports:
Croatia on Wednesday said its police had arrested the teenager behind Webstresser.org, a website where users could order Distributed Denial of Service, DDoS, attacks against internet pages worldwide.
It added that the 19-year-old was arrested on April 24 and charged with “serious crime against computer systems, programmes and data”, which carries a jail term of one to eight years. Webstresser charged its customers as little as 15 euros through online paying platforms or crypto-currencies like Bitcoin to orchestrate DDoS attacks on websites of their choice.
(Tipped by JMG reader Peter)