Dozens arrested in international DDoS-for-hire crackdown
14 December 2016 | 0
Law enforcement agencies arrested 34 suspects in 13 countries, including the UK and the US, as part of a crackdown on distributed denial-of-service (DDoS) attacks.
The arrests targeted buyers of DDoS-for-hire services, which get paid to flood web sites or internet-connected systems with traffic, forcing them to go offline.
In addition to the 34 arrests, law enforcement agencies interviewed and warned another 101 individuals. Many of the suspects were under the age of 20, the European Union police agency Europol said in a statement.
Most buyers of DDoS-for-hire services use them to pull pranks, often in online gaming. For example, a flood of traffic can be sent to a rival player’s IP address, severing their internet connection to a game. But DDoS attacks can also be used for more malicious purposes. For example, hackers have used them to shut down online businesses as part of extortion schemes.
In more extreme cases, massive DDoS attacks can be used to disrupt the internet all across a country, like they did in a bombardment against DNS service provider Dyn in October that slowed access to many popular web sites in the US
It does not help that DDoS-for-hire service have made it easy for amateurs to launch such attacks. Security firm Imperva estimates that the percentage of DDoS attacks relying on these services has risen to 93%.
One DDoS-for-hire service targeted in the crackdown was called Netspoof, according to the UK’s National Crime Agency. It offered subscription packages for as little as $5 (€4.7) or as much as $480 (€452). Some customers were paying more than $10,000 (€9,409) to launch hundreds of attacks through the service, the agency said.
“Victims have included gaming providers, government departments, internet hosting companies, schools and colleges,” the agency said.
As part of the crackdown, the FBI detained a 26-year-old in California named Sean Sharma, an alleged buyer of a DDoS-for-hire service. He was charged with launching an attack against a web site belonging to an unnamed San Francisco-based chat service. If convicted, Sharma could face up to 10 years in prison, the FBI said in a statement.
It is unclear how many DDoS-for-hire services were shut down as part of the crackdown, but the investigation also involved authorities in France, Spain, other European countries, and Australia.
IDG News Service