Share this
Government Authorities Raid DDoS Providers and Customers
by Reflare Research Team on May 14, 2021 7:40:00 PM
DDoS for hire services operate as a niche within the cybercrime ecosystem, are increasing in popularity as an efficient and effective option to carry out attacks, and are often sold with promises that they will never be detected. *Cough*
First Published 11th February 2019 | Latest Refresh 14th May 2021
DDoS-for-Hire customers are now starting to meet new people in law enforcement.
4 min read | Reflare Research Team
The Crackdown Has Begun
Authorities in the UK have raided several providers and customers of Distributed Denial of Service (DDoS) attack services. In this research brief, we will take a look at what happened, the economics around DDoS attacks, and likely future developments.
What Happened?
Back in April of 2018, authorities from the US, UK and Netherlands took down an online service selling DDoS attacks called Webstresser. This service is suspected of having been used by thousands of customers to stage an estimated four million attacks. DDoS attacks send a very large amount of traffic to a target server with the goal is to overwhelm the system, therefore making it unusable.
While payments to Webstresser were made in cryptocurrencies and with identities hidden behind online accounts, neither of these techniques provides the level of anonymity that unskilled customers of such services assume. Small mistakes or specific usage patterns can easily lead investigators to both customers and operators being identified. Subsequently, ten months after the initial raid on the Webstresser marketplace, authorities began taking action against at least 250 customers.
Following on from those events, the first successful customer prosecutions have begun with the guilty pleas of two US citizens and the sentencing of a British national. Further prosecutions are expected at the action moves forward.
The Economics of DDoS Attacks
DDoS attacks require a large number of computers - ideally spread evenly across the world. Computers infected with malware and thereupon added to botnets are usually the ones abused by criminals in these cases. Since most criminally-inclined people don’t have the technical skills and risk tolerance to establish their own botnets and since many operators of botnets try to optimize their profits, marketplaces that matched botnet operators with those seeking to carry out a DDoS attack developed over time. Customers pay money to the botnet operators who in turn perform the DDoS attack against a specified target.
Motivations to pay for such attacks can vary widely. Some may seek to hinder competing platforms, services or online stores. Others use DDoS attacks to extort ransoms from the targeted websites. But a surprisingly large number of attacks are carried out for personal reasons such as taking down sites associated with disliked individuals or preventing others from competing in online games.
There's more than one way to take out a gaming adversary.
The proliferation and ease of use of DDoS service marketplaces have led to a wide variety of customers - from hardcore criminals looking to extort money to hormonal teenagers seeking to settle an online-gaming feud.
What Developments are Likely in the Future?
The wide variety of customers of DDoS services has led to some considerations among governments. While the effects of a grown criminal attempting to extort money and a teenager trying to win an online game are ultimately the same, there are many that baulk at drawing a moral equivalency.
Countries such as the Netherlands have begun to sentence younger, less impactful and more rehabilitable offenders to an internship at IT companies as punishment. While we do expect other countries to follow suit in establishing such programs over the coming years, at this point in time, it is too early to predict whether they will be successful in curbing cybercrime.
We fully expect as the Hacking-as-a-Service sector and wider society’s dependency on technology grows, law enforcement efforts will also expand. However, while the law plays catch-up with Webstresser's customer base, DDoS attacks, along with many other types of hacking techniques continue to wreak havoc for all organisations they hit. Both tech and non-tech staff have a role to play in increasing the cyber resilience against any and all security breaches. Learn how to mitigate risks of specific hacking practices and stay abreast of the trends by checking out our research briefs on other related topics.
Share this
- December 2024 (1)
- November 2024 (1)
- October 2024 (1)
- September 2024 (1)
- August 2024 (1)
- July 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (1)
- October 2023 (1)
- September 2023 (1)
- August 2023 (1)
- July 2023 (1)
- June 2023 (2)
- May 2023 (2)
- April 2023 (3)
- March 2023 (4)
- February 2023 (3)
- January 2023 (5)
- December 2022 (1)
- November 2022 (2)
- October 2022 (1)
- September 2022 (11)
- August 2022 (5)
- July 2022 (1)
- May 2022 (3)
- April 2022 (1)
- February 2022 (4)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (2)
- September 2021 (1)
- August 2021 (1)
- June 2021 (1)
- May 2021 (14)
- February 2021 (1)
- October 2020 (1)
- September 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2020 (2)
- March 2020 (1)
- February 2020 (1)
- January 2020 (3)
- December 2019 (1)
- November 2019 (2)
- October 2019 (3)
- September 2019 (5)
- August 2019 (2)
- July 2019 (3)
- June 2019 (3)
- May 2019 (2)
- April 2019 (3)
- March 2019 (2)
- February 2019 (3)
- January 2019 (1)
- December 2018 (3)
- November 2018 (5)
- October 2018 (4)
- September 2018 (3)
- August 2018 (3)
- July 2018 (4)
- June 2018 (4)
- May 2018 (2)
- April 2018 (4)
- March 2018 (5)
- February 2018 (3)
- January 2018 (3)
- December 2017 (2)
- November 2017 (4)
- October 2017 (3)
- September 2017 (5)
- August 2017 (3)
- July 2017 (3)
- June 2017 (4)
- May 2017 (4)
- April 2017 (2)
- March 2017 (4)
- February 2017 (2)
- January 2017 (1)
- December 2016 (1)
- November 2016 (4)
- October 2016 (2)
- September 2016 (4)
- August 2016 (5)
- July 2016 (3)
- June 2016 (5)
- May 2016 (3)
- April 2016 (4)
- March 2016 (5)
- February 2016 (4)