The world's largest cybercrime platform has been taken down in an 11 nation- strong cyber security operation, led by Dutch and British Europol Agency Police. This joint venture required the international cooperation of the following: America, The United Kingdom, The Netherlands, Germany, Italy, Spain, Croatia, Serbia, Canada, Australia and Hong Kong.
Welcome to the world of solving cybercrime, where joint tasks forces, spanning languages, cultures and continents are vital in bringing criminals to justice. The target, a SAAS website platform for would-be revenge hackers have been attributed to over 4 million cyber attacks worldwide, including a series of attacks on UK high street banks, with damage to the tune of hundreds of thousands of British pounds.
Not bad, for one website, namely www.webstressser.org.
The question is how were they so powerful, successful and of course, how were they stopped?
Webstressor.org was a SAAS website providing software designed to create serious disruption in distributed denial-of-service (DDoS) attacks. The attacks basically work by frazzling websites and online services, including banks, with extreme amounts of traffic.
DDos attacks themselves are not always highly sophisticated, quite the opposite, they are a standard and simple way to harass enemies online. All Webstressor.org did was offer this service for the less technologically advanced at such a low cost, that pretty much anyone could assume the role of a cybercriminal within moments.
This is unfortunately not limited to Webstressor, Steven Wilson, the Head of Europol’s Cybercrime center stated that professional hackers have migrated to the service industry allowing
" individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online"
The difference between Webstressor and other opportunist cybercrime platforms is simply that Webstressor.org provided a better service.
They offered clients, their services, for a mere 15 euros a month, hardly a tough sell and even launched a mobile phone app for clients to start an attack with one ‘swipe’ without having to log onto their PCs. The monthly charge gave clients a specified number of attacks along with “24x7 email support”, surprisingly better than many above board SAAS companies that we won’t point out by name.
This level of service speaks for itself and was definitely reflected in their popularity levels on Facebook and other social media.WebStresser.org had over 136,000 registered users when it was shut down, and held clear responsibility for DDoS attacks on governments, police and banks causing huge financial losses.
The intricacy of the operation, named “Operation Power Off”, is an example of the resources required to shut down a website believed to be launched and run by a 19-year-old Serbian hacker nicknamed ‘mirk’.
Administrators of the site were arrested in the UK, Canada, Croatia and Serbia. Servers were seized in the US, Germany and Holland and finally serious users were investigated and had ‘measures’ taken against them and those guys were located in many worldwide locations.
In good news, not only Webstressor but 8 resellers were shut down in the same operation. In bad news, no-one is under the illusion that the gap won’t be filled, quite soon, by others.
\Webstressor.org may have been stopped but the value of attack ‘know-how’ on line has a price in bitcoin and other currencies and the demand for this type of service probably means that this victory against cybercrime be short-lived.