Scots arrested as website blamed for millions of cyber attacks

Share

With more than 136,000 registered users and four million cyber-attacks conducted by April 2018, Webstresser represented the most significant threat to vital online services offered by banks, the business sector and state institutions around the world. Europol and Police Scotland were also involved.

The Canadian investigation began in November 2017 when the RCMP was contacted by the United Kingdom National Crime Agency (UK NCA) and asked to assist with an ongoing multi-national investigation into an online service provided by Webstresser.org, a website that specialized in distributed denial of service (DDoS) attacks.

This meant those with without deep tech skills could simply hire a DDoS attack, said Steve Wilson, head of Europol's Cybercrime Centre.

It used to be a fairly complex task until sites like webstresser.org emerged, enabling any registered user to pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters for as little as €15 a month.

"A significant criminal website has been shut down and the sophisticated crime group behind it stopped as a result of an worldwide investigation involving law enforcement agencies from eleven countries", explained Jo Goodall, Senior Investigating Officer at the NCA.

Meanwhile officers from the NCA's National Cyber Crime Unit (NCCU) identified criminal infrastructure in the Netherlands, and worked closely with the Dutch National Police to identify the crime group behind the site and execute the coordinated law enforcement operation.

College basketball panel calls for strict NCAA reform
Create independent investigative and adjudicative body to address and resolve complex and serious cases involving NCAA violations. Recent Level I infractions cases resulted in postseason bans of only one year.

"The amount of coordination it took to take a single grey market DDoS provider offline demonstrates the uphill battle national level law enforcement faces when attempting to disrupt even relatively unsophisticated threat actors".

Another expert welcomed the arrest of the ringleaders of the website.

Many criminals market similar services as a legitimate method of testing the resilience of servers, but are not legal, the NCA warned.

Before the Webstresser website received its unexpected new lick of paint, it certainly presented itself with more professional polish than the typical website beloved by the computer underground - seducing potential customers with a "dedicated professional support team" available 24×7, photos of its staff, and promises of "complete privacy".

"Arrests of cyber-criminals have increased significantly over the last few years, which show that the additional resources provided to cybersecurity in law enforcement is reaping real and tangible benefits".

Share