Cyber-crime: Webstresser.org scandal
Ever since the beginning of the internet, the fear of teenage hackers prevailed. It seems that the damage that kids can do is far more dangerous and serious than one would dare to think of. In order to understand this fear, it’s enough for a person to remember the disasters that were caused by Webstresser.org, the infamous website launched by a number of young hackers from different countries. The disastrous effects that it had on a number of fields and millions of users will not be forgotten.
In today’s world, everyone is aware of the power of DDoS attacks and it’s consequences. When DDoS attacks – it directs a huge amount of traffic at a website, for example, so when the server becomes overwhelmed it then simply becomes unusable, thus depriving users of essential services. A few years ago, in order to launch a DDoS attack, it required a hacker well versed in internet technology.
However, everything changed with Webstresser. It allowed criminals to purchase “attack packages” paying anonymously online using cryptocurrencies such as Bitcoin and signing up to a payment plan for a month for as little as 15 euros a month! Offering low-cost deals to literally everyone, it became a huge threat and it did cause immense damage to many governments, police services, businesses of all sizes and banks. The amount of financial loss for those involved was drastic.
It furthermore allowed “a client” to buy a specified number of attacks and they could launch them whenever they liked – they even had “24×7 email support”, to communicate along the way with the target! The people behind the website were indeed conscious of the demands of the marketplace, so they even made a mobile phone app so that clients could operate on the attacks away from their PCs. The website is believed to have been set up and run by a 19-year-old Serbian hacker and that the coordinated group of people have been working on it and offered its services in a number of countries! It’s also believed that Webstresser catered for over 136, 000 registered users and is believed to be responsible for roughly four million DDoS attacks worldwide.
In a co-ordinated operation in which was involved police in 11 countries, including the United States, Webstresser.org – has been shut down. Those behind the website were arrested and sentenced – but Europol continued the research and operation, taking “further measures” against the online marketplace’s top users. The police also continued to pursue individuals and warrants and seized as it’s been said a huge number of personal computers, tablets, and mobile phones. It’s said that the police succeed in tracking users even though they paid with bitcoins because they used real email addresses, which led to a message board, for example, and back to owner’s real name or IP address. However, one should keep in mind that only a small fraction of users are being investigated in comparison to the full WebStresser user list. It sounds like law enforcement will have a tough time if they are willing to pursue in tracking everyone down.
One interesting notion is that after the young hackers were arrested, in 2017, the NCA started testing weekend rehab camps for young cybercriminals. It seems that the former hackers were taught that other engaging internet activities existed – including cybersecurity, offering them the same excitement but for doing something legal. In the Netherlands, a program of four-phases was implemented – recovery, training, alternative, and coaching, and it offered the offenders even the complete internships in IT departments. Fight against the criminal by dragging the hackers to the “good” side seems like a really great idea.
The damage that Webstresser created is substantial because the victims may be out of business for a period of time and they might have to spend money on the new important security measures in order to prevent further DDoS attacks. What seemed like a child’s game for a young adult turned out to be of huge negative impact on millions. One must be aware of the fact that the booter services will be launched despite the strict action of the police and the takedown of Webstresser. New services are in operation, with many different features coming online every month. It seems that the only possible solution for companies and agencies is investing into good cybersecurity and continuously following the infamous news in order to at least be prepared for DDoS attack when it occurs – if not to be ready to suppress it.