Authorities targeted domains and their administrators selling distributed-denial-of-service (DDoS) attacks, a type of cyberattack that funnels enough traffic to websites or IP addresses to render them inaccessible.
Most Popular DDoS Services Shut Down
“Operation Power Off,” as the effort has been dubbed, is a continuation of a coordinated law enforcement operation by the FBI, the U.S. Department of Justice, as well as participating authorities across Europe, to rid the web of illegal DDoS-for-hire websites, also known as “booter services.” “The services seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines,” a Wednesday press release from Europol said. “One such service taken down had been used to carry out over 30 million attacks.” Attacks stemming from these kinds of sites have been used on various industries in the U.S. and abroad, including government networks and agencies, educational institutions, gaming platforms, as well as millions of individual victims, the U.S. DoJ said. In addition to the websites seized by authorities, seven administrators were also arrested in the U.S. and U.K., “with further actions planned against the users of these illegal services.” Many of the sites operated under the guise of network “stresser” testing services, though the U.S. DoJ noted communication between clients and site administrators made clear that the idea of testing their own computers or networks was simply a pretense to engage the criminal service.
DDoS Attacks More Serious Than Hackers Think
These DDoS-for-hire attacks offer an entry point for low-level criminals, Europol added, especially young, aspiring hackers who are unaware that a DDoS attack can lead to prison time. “DDoS booter services have effectively lowered the entry barrier into cybercrime: for a fee as low as EUR 10, any low-skilled individual can launch DDoS attacks with the click of a button, knocking offline whole websites and networks by barraging them with traffic.” According to the FBI, a key force in the international takedown, the penalties for using booter or DDoS services can be quite steep, whether you find them advertised publicly on the surface web or anonymously on the dark web. Anyone found using these services could be arrested and prosecuted, have their computers and electronic devices seized, face significant prison time and pay out plenty in penalties and fines.
DDoS Attacks Are a Global Threat
DDoS attacks can be particularly devastating when a threat actor controls a sprawling botnet. Internet hosting giant Cloudflare managed to diffuse the largest DDoS attack on record in June, topping out at 26 million requests per second and led by a botnet army of 5,067 slave devices. Modern high-profile DDoS attacks tend to target governments and critical infrastructure and are considered among the top threats to global security. In March, the Israeli government suffered attacks that took its websites offline for several hours. Worst of all, DDoS attacks also greatly affect the medical industry, as evident in an attack that crippled a large hospital in Paris in August. Operations were postponed, and the staff was forced to use pen and paper to jot down medical records or handle admissions and other key information. DDoS can be used in conjunction with a ransomware attack to completely paralyze the target while stealing their files to exploit them for financial gain. To find out more about these kinds of attacks and their differences, as well as how you can defend yourself, read our guide to DDoS attacks.