Government Authorities Raid DDoS Providers and Customers

DDoS for hire services operate as a niche within the cybercrime ecosystem, are increasing in popularity as an efficient and effective option to carry out attacks, and are often sold with promises that they will never be detected. *Cough*

First Published 11th February 2019  |  Latest Refresh 14th May 2021

DDoS-for-Hire customers are now starting to meet new people in law enforcement.

4 min read  |  Reflare Research Team

The Crackdown Has Begun

Authorities in the UK have raided several providers and customers of Distributed Denial of Service (DDoS) attack services. In this research brief, we will take a look at what happened, the economics around DDoS attacks, and likely future developments.

What Happened?

Back in April of 2018, authorities from the US, UK and Netherlands took down an online service selling DDoS attacks called Webstresser. This service is suspected of having been used by thousands of customers to stage an estimated four million attacks. DDoS attacks send a very large amount of traffic to a target server with the goal is to overwhelm the system, therefore making it unusable. 

While payments to Webstresser were made in cryptocurrencies and with identities hidden behind online accounts, neither of these techniques provides the level of anonymity that unskilled customers of such services assume. Small mistakes or specific usage patterns can easily lead investigators to both customers and operators being identified. Subsequently, ten months after the initial raid on the Webstresser marketplace, authorities began taking action against at least 250 customers.

Following on from those events, the first successful customer prosecutions have begun with the guilty pleas of two US citizens and the sentencing of a British national. Further prosecutions are expected at the action moves forward.

The Economics of DDoS Attacks

DDoS attacks require a large number of computers - ideally spread evenly across the world. Computers infected with malware and thereupon added to botnets are usually the ones abused by criminals in these cases. Since most criminally-inclined people don’t have the technical skills and risk tolerance to establish their own botnets and since many operators of botnets try to optimize their profits, marketplaces that matched botnet operators with those seeking to carry out a DDoS attack developed over time. Customers pay money to the botnet operators who in turn perform the DDoS attack against a specified target.

Motivations to pay for such attacks can vary widely. Some may seek to hinder competing platforms, services or online stores. Others use DDoS attacks to extort ransoms from the targeted websites. But a surprisingly large number of attacks are carried out for personal reasons such as taking down sites associated with disliked individuals or preventing others from competing in online games.

There's more than one way to take out a gaming adversary.

The proliferation and ease of use of DDoS service marketplaces have led to a wide variety of customers - from hardcore criminals looking to extort money to hormonal teenagers seeking to settle an online-gaming feud. 

What Developments are Likely in the Future?

The wide variety of customers of DDoS services has led to some considerations among governments. While the effects of a grown criminal attempting to extort money and a teenager trying to win an online game are ultimately the same, there are many that baulk at drawing a moral equivalency.

Countries such as the Netherlands have begun to sentence younger, less impactful and more rehabilitable offenders to an internship at IT companies as punishment. While we do expect other countries to follow suit in establishing such programs over the coming years, at this point in time, it is too early to predict whether they will be successful in curbing cybercrime.

We fully expect as the Hacking-as-a-Service sector and wider society’s dependency on technology grows, law enforcement efforts will also expand. However, while the law plays catch-up with Webstresser's customer base, DDoS attacks, along with many other types of hacking techniques continue to wreak havoc for all organisations they hit. Both tech and non-tech staff have a role to play in increasing the cyber resilience against any and all security breaches. Learn how to mitigate risks of specific hacking practices and stay abreast of the trends by checking out our research briefs on other related topics.