Police take down the world’s largest DDoS-for-hire service
The internet might be slightly safer against distributed denial of service attacks in the near future… slightly. Police in twelve countries have taken down WebStresser, believed to be the world’s largest service for paid DDoS attacks. The joint campaign (Operation Power Off) seized WebStresser’s infrastructure in the US, UK and the Netherlands, and busted site administrators ranging as far as Australia and Hong Kong.
It’s not clear just who was arresed, though security guru Brian Krebs found that one of them is likely Jovan Mirkovic, a 19-year-old Serbian. He used his Facebook account to openly discuss his role in WebStresser, and his last post was on April 3rd (the day before Operation Power Off took place).
Like many other cyberattack-for-hire services, WebStresser made it all too easy to knock sites offline on a whim. You could pay as little as $15 to flood a site with traffic, regardless of how little technical knowledge you had. Annoyed by a company’s practices, or just wanted petty revenge? You simply had to order an attack.
While authorities are touting this as a major victory, there’s good reason to be cautious. It doesn’t take much to start a new DDoS network, especially if you can wield botnets that will do the hard work in place of specialized servers. This is definitely a victory — it’s just unlikely to be a decisive one.