25 April 2018
A website linked to more than four million cyber attacks across the globe, including attacks targeting some of the UK’s biggest banks, has been shut down following an investigation led by the National Crime Agency (NCA) and the Dutch National Police, in collaboration with international law enforcement partners.
Authorities in five countries including the Netherlands, Serbia, Croatia and Canada, with support from Police Scotland and Europol, targeted six members of the crime group behind webstresser.org on Tuesday 24 April. Dutch police, with assistance from Germany and the United States then seized servers and effected a takedown of the website at 11:30am this morning.
Cyber criminals across the world have used webstresser.org, which could be rented for as little as $14.99, to launch in excess of 4 million so-called distributed denial of service (DDOS) attacks, in which high volumes of internet traffic are launched at target computers to disable them. Individuals with little or no technical knowledge could rent the webstresser service to launch crippling DDOS attacks across the world.
As part of the operational activity, an address was identified and searched in Bradford and a number of items seized. NCA officers believe an individual linked to the address used the webstresser service to target seven of the UK’s biggest banks in attacks in November 2017. They were forced to reduce operations or shut down entire systems, incurring costs in the hundreds of thousands to get services back up and running.
Officers from the NCA’s National Cyber Crime Unit (NCCU) identified criminal infrastructure in the Netherlands as part of an ongoing campaign against ‘DDoS-for-hire’ services, and worked closely with the Dutch National Police to identify the crime group behind the site and execute the coordinated law enforcement operation.
Stressers and booters are for-hire services that provide access to DDoS botnets – networks of malware-infected computers which are then effectively sub-let. They are often hidden behind a veil of authenticity in that they claim to have legitimate use to test the resilience of servers, but in reality are used by cyber criminals to ‘stress’ anybody. It’s this ‘stress’ that causes the disruption to services.
Jo Goodall, Senior Investigating Officer at the NCA said:
“A significant criminal website has been shut down and the sophisticated crime group behind it stopped as a result of an international investigation involving law enforcement agencies from eleven countries.
“Cyber crime, by default, is a threat that crosses borders and our response must be one that utilises the close international law enforcement collaboration that is crucial to tackling this threat. The arrests made over the past two days show that the internet does not provide bullet-proof anonymity to offenders and we expect to identify further suspects linked to the site in the coming weeks and months as we examine the evidence we have gathered.
“Cyber offenders can act against UK targets from anywhere in the world and this means UK-based offenders can also attack targets in any country. Our success depends on law enforcement, government and industry working together to fight cyber crime.
“Over the last year we have seen how cyber attacks have real-world consequences; resulting in actual physical harm as well as causing reputational and financial damage to businesses of all sizes. The cyber threat is constantly evolving and we are improving our tactics and capabilities in response. But businesses and individuals must report cyber crime - the earlier people report, the quicker we are able to assess new methodologies and limit the damage they can have.
“The Action Fraud website – www.actionfraud.police.uk – is the UK’s national fraud and cyber crime reporting centre and there’s also advice and guidance on how to mitigate against cyber attacks on the National Cyber Security Centre’s website www.ncsc.gov.uk”.
Dan Crisp, Director (Interim) Technology and Digital Policy, UK Finance said:
“Cybercrime is costing UK firms billions and has the potential to seriously disrupt our economy and wider society.
“The industry is hugely supportive of multilateral law enforcement programmes, which can effectively disrupt both cyber-criminal activity and illegal operations and help protect customers from attacks.”
“Our ‘Staying Ahead of Cyber Crime’ report demonstrates the importance of strategic collaboration with external agencies including the National Cyber Security Centre, National Crime Agency and police forces, in order to be more effective about tackling the ever-increasing cybercrime threat.”
Gert Ras, Head of the National High Tech Crime Unit at the Dutch National Police said:
“By taking down world’s largest illegal DDOS seller in a worldwide joint law enforcement operation based on NCA intelligence, we have made an unprecedented impact on DDOS cybercrime. Not only were the administrators of this illegal service arrested, but also users will now face prosecution and civil liability for caused damage.
“This is a warning to all wannabee DDOS-ers - do not DDOS because through close law enforcement collaboration, we will identify you, bring you to court and facilitate that you will be held liable by the victims for the huge damage you cause”.