Operation Vulcanalia targets users of netspoof website attack tool

12 Dec 2016

Twelve people have been arrested as part of a National Crime Agency operation targeting customers of website crippling software which can cost as little as £4.

Netspoof stresser was a Distributed Denial of Service (DDoS) programme that disabled web servers and websites by flooding them with massive amounts of data.

Netspoof subscription packages ranged from £4 to £380 – with some customers paying more than £8,000 to launch hundreds of attacks.

Where cybercrime has largely been seen as being committed by hackers with technical skills, stresser services allow amateurs – sometimes motivated by a grudge – to launch attacks easily and with little or no specialist knowledge.

Victims have included gaming providers, government departments, internet hosting companies, schools and colleges.

DDoS attacks are one of the most expensive cyber threats to businesses. A survey by cyber security specialists Kaspersky Lab and researchers B2B International of more than 4,000 small and medium firms and 1,000 large businesses showed an attack can cost more than £1.3 million for large enterprises and approximately £84,000 for smaller companies.

Damage can be both financial – including revenue loss and the cost of upgrading infrastructure – and reputational.

Operation Vulcanalia was based on intelligence gathered by the West Midlands Regional Cyber Crime Unit. It saw more than 60 individuals targeted with twelve arrests, 30 cease and desist notices issued, the seizure of computers from 11 suspects, one protective visit made and two cautions issued. 

The NCA-led operation – which involved officers from Regional Organised Crime Units (ROCUs) – had two strategies: pursuing and arresting repeat offenders and preventing further offending from first-time offenders.

The prevent strategy focused on warning youngsters with a cease and desist notice and by educating them about the damage DDoS attacks cause.

They were also informed that committing cyber crime can result in severe restrictions on their freedom, access to the internet, digital devices and future career prospects.

Senior investigating officer Jo Goodall, from the NCA’s National Cyber Crime Unit, said: “These attacks pose a huge economic cost to the economy. It is not a victimless crime.

“Smaller businesses have to absorb extra costs of DDoS protection services but every business hit by an attack can suffer reputational damage.

“It can cost very little to buy this illegal software so these attacks can now be launched by the relatively unskilled and almost anyone with a grievance.

“The scale of the problem is truly global. It requires worldwide co-operation which we have seen on this job with the focus on arresting those who won’t change their ways, and trying to prevent those who will from future offending.”

The activity was part of a wider Europol week of action, named Operation Tarpit, with similar investigations also launched in the US and Australia.

Europol’s Steven Wilson said: “Many IT enthusiasts get involved in seemingly low-level fringe cyber crime activities from a young age, unaware of the consequences that such crimes carry.

“One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path.”

With approximately 30% of UK businesses reporting a DDoS attack in the last year, the NCA and its partners continue to remind businesses to take steps to protect themselves.

The government’s Cyber Essentials Scheme provides guidance on how to guard against and mitigate threats from cyber crime.

The NCA has also relaunched its #CyberChoices campaign aimed at educating the parents of 12-15 year-olds whose children may be involved in cyber crime without their knowledge.

Ian Glover, president of CREST, which represents the technical information security industry, said: “It is extremely difficult for parents and guardians to understand the difference between a young person who is an enthusiastic gamer, or someone who is legitimately exploring technology from those who are engaging in criminal activities on line.

“The identification is made even harder because individuals who move into criminal activities do it gradually and it is difficult to see or even understand the tipping point.

“The NCA intervention programme is a really important initiative.”

- The NCA’s NCCU (National Cyber Crime Unit) recognises that cyber skills are vital to the UK economy and wants to encourage young people to develop their skills in an ethical way, and to aspire to successful careers within the cyber security industry. Where young people are visited for cease and desist they will be left with an information pack giving guidance on the Computer Misuse Act, but also about cyber careers and how to develop their skills ethically.

- DDoS-for-hire services such as netspoof accounted for 93% of all DDoS activity in the first quarter of 2016.

- Further advice on staying safe online can be found on Cyberstreetwise.com and Getsafeonline.org.

Warrants executed this week included: 

- A 27-year-old male from Hamilton, Scotland, was arrested and charged with offences under the Computer Misuse Act.

- A 23 year-old-male from Barry was arrested by Tarian the Wales ROCU.

- Titan, the North West ROCU, arrested an 18 year-old male from Lancashire and a 22 year-old male from Rhyl, North Wales.

- The NCA arrested a 30 year-old male from Peterborough.

- Zephyr, the South West ROCU, arrested one man.

- SEROCU, the South East ROCU, arrested a 20 year-old male from Wokingham, a 20 year-old male from Portsmouth and a 22 year-old male from Milton Keynes.


Share this Page: