LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
NEWSCAST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

Distributed Denial Of Service Attacks-For-Hire Website Shut Down

Europol said law enforcement agencies arrested the administrators of a website that allowed customers to launch DDoS attacks.

European law enforcement agencies say they've arrested the administrators of a website that allowed users to pay to knock selected websites offline.

The site Webstresser.org let paying customers — for as little as 15 euros a month, according to the European law enforcement agency Europol — launch distributed denial of service (DDoS) attacks to shut down websites or Internet users.

Authorities arrested the alleged administrators in the U.K., Croatia, Canada and Serbia on Tuesday, Europol said in a statement. Dutch police and the U.K.'s National Crime Agency led the investigation, dubbed "Operation Power Off." At least 10 people were arrested, the Dutch National Police said on Reddit Wednesday.

Webstresser visitors located in the U.S. saw a notice: "THIS SITE HAS BEEN SEIZED." Europol said Webstresser's servers were "seized" in the U.S., Germany and the Netherlands.

Law enforcement alleges the site had 136,000 registered users and was responsible for 4 million attacks as of this month.

"The damage of these attacks is substantial. Victims are out of business for a period of time, and spend money on mitigation and on (other) security measures," the Dutch police said.

Webstresser provided what was a called a "booter" or "stresser" service — what security researcher Brian Krebs calls "virtual hired muscle that anyone can rent to knock nearly any website or Internet user offline." A DDoS attack works by overwhelming an online service with fake traffic from various sources.

"It used to be that in order to launch a DDoS attack, one had to be pretty well versed in internet technology," Europol said. "That is no longer the case. With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters."

One of the most widely felt DDoS attacks occurred on Oct. 21, 2016, when an attack caused disruptions to Twitter, Amazon, Spotify and Airbnb for much of the day.

"Attacks-for-hire" are leading to an increase in the frequency of attacks, experts say.

These types of attacks make $13 million in revenue each year, the security company Bromium's CEO Gregory Webb told the website Threatpost. An average DDoS attack costs a business between $200 and $1,000 each day, he told the site.

Many booter services advertise themselves as legitimate testing services for customers to test their own website's ability to withstand an attack. "Many booter service operators apparently believe (or at least hide behind) a wordy 'terms of service' agreement that all customers must acknowledge, under the assumption that somehow this absolves them of any sort of liability for how their customers use the service," Krebs writes.

Europol calls Webstresser the "biggest" marketplace for selling DDoS attacks. But according to Krebs, "there are dozens of other booter services in operation, with new ones coming online almost every month."

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
96.1 FM K241AR Lawrence (KPR2)
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)
contact@kansaspublicradio.org