WebStresser.org site linked to global cyberattacks is shut down

Website had targeted governments, police services, banks and businesses

Screen grab dated 25/04/18 of an Operation Power OFF holding page which has replaced the webstresser.org website. Photograph: Operation Power OFF/PA Wire


In a co-ordinated operation involving police in 11 countries, including the United States, the world’s largest online attack-for-hire service, WebStresser.org – behind at least four million cyber attacks in the past three years – has been shut down and its infrastructure seized.

The complexity of the international response, wryly named “Operation Power Off”, is an illustration of the huge level of physical and virtual expertise required to take down a website believed to have been set up and run by a 19-year-old Serbian hacker who goes by the nickname “mirk”.

WebStresser.org had an extraordinary 136,000 registered users when it was taken offline, and had been responsible since 2015 for distributed denial-of-service (DDoS) attacks on governments, police services, banks, and businesses of all sizes – causing chaos and frequently huge financial losses.

But what finally focused the authorities’ attention on WebStresser was not that it had grown from a minnow to a global shark in three years – but that it was now offering special low-cost deals: allowing customers to sign up to a payment plan for the attacks, for as little as €15 a month.

Hijacked web traffic

DDoS attacks direct huge amounts of hijacked traffic at a website or online platform, eating up the target’s bandwidth or overwhelming its server so that it slows down, becomes unusable, or is knocked offline – depriving users, such as a bank’s customers, for instance, of essential services.

A few years ago, launching a DDoS attack required an attacker well versed in internet technology. However, sites such as WebStresser changed all that, allowing criminals to purchase mercenary attack “packages” and to pay anonymously online, typically using cryptocurrencies such as Bitcoin.

Believe it or not, the monthly fee could buy the “client” a specified number of attacks, to be launched at the time of their choosing, along with “24x7 email support”, presumably to communicate along the way with the target.

The power may have been turned off to WebStresser.org, but the underworld of teenage hackers is most probably inexhaustible. File photograph: Dominic Lipinski/PA Wire

Ever conscious of the demands of the marketplace, WebStresser even launched a mobile phone app so that clients could launch attacks while away from their PCs.

Free hacking

It was also very active on Facebook, inviting users to post positive reviews on YouTube – for which the most glowing were rewarded with a month’s free hacking.

What WebStresser had realised was that while most criminals didn’t know the first thing about launching a DDoS attack themselves, many saw it as the way of the future, and so were willing to hire the expertise. ‘It’s a serious growth industry’, observe tech experts, iboss.

“Operation Power Off” was led by the Dutch police and the UK’s National Crime Agency, and co-ordinated internationally – in the US, the UK, the Netherlands, Germany, Italy, Spain, Croatia, Serbia, Canada, Australia and Hong Kong – by the European policing agency, Europol, in The Hague.

First, the “administrators” of the service were arrested in the UK, Canada, Croatia, and Serbia. Its servers were seized in the US, Germany, and the Netherlands. And further unspecified “measures” were taken against the busiest users of the service – who were located in Australia, Canada, Hong Kong, the UK, the Netherlands, Italy, Spain and Croatia.

A visitor to WebStresser.org is now greeted by a message saying the site and its domain name have been “seized” on foot of a warrant issued by the US District Court.

‘Resellers’

The good news is that the seizure of WebStresser means as many as eight online “resellers” of its services have also disappeared. The bad news is that this won’t last long in the virtual world.

Not many remember now-defunct vDOS, which was the most popular attack-for-hire service on the international market – used to launch attacks on Amazon, Vodafone, BT, the BBC and others – until the Israelis arrested its two 18-year-old founders in 2016.

The power may have been turned off to WebStresser.org, but the underworld of teenage hackers is most probably inexhaustible.
