Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites.
50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as part of "Operation Power Off" - a joint action by the US Department of Justice, FBI, the UK's National Crime Agency, and their equivalents.
As a result, visitors to scores of DDoS-for-hire sites are greeted with the following message today:
THIS WEBSITE HAS BEEN SEIZED The FBI has seized this website for operating as a DDoS-for-hire service. This action has been taken in conjunction with Operation PowerOFF, a coordinated international law enforcement effort to dismantle criminal DDoS-for-hire services worldwide. DDoS attacks are illegal. Law enforcement agencies have seized databases and other information relating to these services. Anyone operating or utilizing a DDoS service is subject to investigation, prosecution, and other law enforcement action.
As the message makes clear, the seizure of the website is not just bad news for the criminals who operated them, but also those who paid sometimes as little as 10 Euros to launch a DDoS attack at the click of a button will find themselves under investigation.
This is all part of a long-term operation against so-called "booter" websites that have made it child's play for anybody to launch a DDoS attack that could cripple a website, making it inaccessible to its legitimate users.
Back in 2018, for instance, international law enforcement agencies arrested the administrators of DDoS marketplace webstresser.org, seizing control of its servers and database of over 136,000 users. In the years since, Webstresser's suspected customers have faced arrest and criminal charges.
And I say using a "booter" website is child's play for good reason. A study by the UK's National Crime Agency found that the number of attacks launched against school networks and websites had more than doubled from 2019 to 2020.
According to the study, many of those behind the attacks against educational establishments were secondary school children, with the average being 15 years old, and the youngest being a mere nine years old.
As a result, the UK's NCA began an educational campaign, which included buying ads on search engines, to raise awareness of the consequences of committing a cybercrime.
Other countries now appear to be following in the UK's footsteps by raising awareness that launching a DDoS attack is a serious crime that could result in getting in trouble with the police, or having your computer seized, or being banned from using the internet entirely.
The US Department of Justice says that the latest seizures and criminal charges against website owners "builds on the success of the prior cases by targeting all known booter sites, shutting down as many as possible, and undertaking a public education campaign."
Let's hope that others are hearing the message loud and clear that the police are actively investigating the users of DDoS-for-hire services, and are prepared to take serious action against them.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.