The administrators of the DDoS marketplace webstresser.org were arrested on 24 April 2018 as a result of Operation Power Off, a complex investigation led by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world.
If you visit the apprehended website (screenshot below), you would be seeing some interesting information about the coordinated campaign of cyber agencies from different parts of the world.
A simple whois lookup gives more information about this malicious peddler of DDoS attacks online. The site was registered less than a year ago on 17th June 2017 & did brisk business with selling DDoS attack services for dirt-cheap prices, as low as $15. Webstresser.org was considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services, with over 136 000 registered users and 4 million attacks measured by April 2018. The orchestrated attacks targeted critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.
The site has now become the property of US Department of Defense, with the registrant information updated on 25th April.
It is interesting to note that the status of the domain is set with four values:
- clientTransferProhibited – This status indicates that it is not possible to transfer the domain name registration.
- serverDeleteProhibited – This status code prevents the domain from being deleted.
- serverTransferProhibited – This status code prevents the domain from being transferred from your current registrar to another.
- serverUpdateProhibited – This status code locks the domain preventing it from being updated
Clearly, the website is now going to remain up as a warning to all those engaged in nefarious activities online, that it is not unlikely for different countries to form a joint task force (refer screenshot for this Op) when the criminals have set up shops in different countries. The servers that hosted Webstresser.org were in Germany, the U.S. and the Netherlands amongst the disclosed locations.
News Source: https://www.europol.europa.eu/newsroom/news/world’s-biggest-marketplace-selling-internet-paralysing-ddos-attacks-taken-down
DDoS Modus Operandi (Infographic courtesy: Europol)