First closing in on operators, now on users, as the hunt continues and law enforcement in many countries is about to swoop down on people who bought DDoS attacks on WebStresser

Remember last year’s takedown of the then-largest marketplace for hiring distributed denial-of-service (DDoS) attacks? The global law enforcement operation, called Power OFF, that shut down webstresser.org also resulted in the arrests of the site’s six suspected admins in four countries, as well as in efforts to bring the service’s major users to justice.

Fast forward nine months and Europol, which is the European Union’s law enforcement agency, and the United Kingdom’s National Crime Agency (NCA) have announced that they’re beginning to deliver on that goal. The concerted effort also involves law enforcement from around 20 countries on four continents.

With “a trove of information” about WebStresser’s user base in their hands, authorities are now conducting actions to track them down, said Europol.

Meanwhile, the NCA said that it has already executed eight warrants against former WebStresser customers and seized more than 60 personal computers, tablets and mobile phones. “A further 400 users of the service are now being targeted by the NCA and partners,” said the NCA.

“Our message is clear. This activity should serve as a warning to those considering launching DDoS attacks. The NCA and our law enforcement partners will identify you, find you and hold you liable for the damage you cause,” Jim Stokley, Deputy Director of the NCA’s National Cyber Crime Unit, was quoted as saying.

Europol also sent a warning to the effect that law enforcement may go knock (or perhaps worse) on the doors of anybody who rents DDoS-for-hire services, “be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain”.

WebStresser’s 151,000 registered users (up from 136,000 reported at the time of the sting) are believed to have been collectively responsible for four million DDoS attacks against targets ranging from banks, government institutions, police forces, and the gaming industry across the globe.

WebStresser was one of a number of “stresser”, or “booter”, services that operate openly on the internet as businesses under the pretense of offering to test the resiliency of a company’s servers. The stressers commonly sell access to DDoS botnets, which are networks of compromised computers that are “sublet” to whomever pays. The target is then flooded with a barrage of junk traffic, which takes it offline and renders it inaccessible for legitimate users. The victim may also incur considerable costs involved in fixing the damage.

The shutdown of WebStresser in April 2018 was not an isolated effort, of course. Just weeks ago, for example, the United States Federal Bureau of Investigation (FBI) seized 15 DDoS-for-hire websites.

Meanwhile, clampdowns on people who pay for DDoS attacks are nothing new, either. In December 2016, for example, Europol and a host of international partners arrested 34 and questioned 101 suspected buyers of DDoS-for-hire services, mostly teenagers.

In its latest announcement, Europol also noted the notorious case involving a particularly disruptive DDoS attack against a Liberian internet service provider in 2016. Three weeks ago, the Brit who was hired on the dark web to deploy his own botnet for the attack, crashing much of the country’s internet access in the process, was sentenced to 32 months in prison. He also remains “at the heart of a major international investigation into hundreds of acts of cyber sabotage around the world”, according to this BBC report.