Police acts against website offering for-hire cyberattack services

Lizard Squad cyber-attackers disrupt National Crime Agency website

British police seized over 50 devices probably used to perform cyberattacks during several raids

British authorities have carried out multiple raids against hundreds of cybercriminals throughout the United Kingdom. According to network security and ethical hacking experts from the International Institute of Cyber Security, these operations are part of an international campaign to trap users of Webstresser, considered by Europol as the world’s largest for-hire cyberattack platform.

The site was shut down in April 2018, although the authorities still continue to search for suspects. UK National Crime Agency (NCA) mentions that it is planning additional actions against nearly 400 suspected Webstresser customers in British territory.

Network security experts in Europol say that Webstresser has collaborated to launch more than 4 million of denial of service (DDoS) attacks and, at the time of its closure, had more than 150k registered clients. Rates for its users ranged from $15 to $20 per month.

NCA said it had already issued legal warnings (known as ‘cease and desist notices’) to many of the users whose devices were seized during these raids. These notices announce to those involved future legal actions if they continue their outside the law activities.

“This is a sign that although users of these services believe they can remain hidden, a fake user name and the use of cryptocurrency transactions will not provide them with the desired anonymity,” said Jim Stokley, network security specialist and director of the NCA Cyber Crime Unit. “We have already identified multiple suspects linked to Webstresser, and they will be brought before the courts,” reaffirms Stokley.

These actions in search of Webstresser clients are part of an international initiative against the use of the sites to hire services of DDoS attacks. During this operation, 15 other websites offering similar services to Webstresser were shut down. Romanian authorities also seized two suspicious sites and expected to share the information collected in these operations with Europol.

Cybersecurity expert Brian Krebs said that some firms of information security professionals have criticized this joint effort against customers of services such as those offered by Webstresser: “Most of them are young people under the age of 21 who use these services in disputes related to online video games,” the expert mentioned.

Security firms who are dissatisfied with this measure are asking the authorities to focus on the most serious cyber-offender groups and with real ability to compromise an organization’s information infrastructure.