Global Operation Takes Down DDoS-for-Hire Site
On April 24, international law enforcement agencies announced several arrests connected to Webstresser.org, the so-called “largest” booter or stresser service available to the general public. Many of the countries involved in the investigation issued press releases that detailed the arrest of operators in several countries. The international investigation, as explained in a press release from the Dutch police, involved as many as 10 law enforcement agencies operating within the framework of ‘Operation Power Off’.
“webstresser.org is the strongest IP Stresser / Booter on the market, we provide strongest and most reliable server stress testing, with up to 350Gbps,” the site advertised on its front page.
As of this article, authorities across the globe have arrested at least six suspected administrators and at least 10 suspected users of the service who failed to protect their identities when paying for DDoS attacks. One of the press releases mentions an arrest in the URL; the actual announcement only covered the execution of a search warrant.
According to the UK’s National Crime Agency (NCA), more than four million DDoS attacks have been attributed to Webstresser.org. The NCA announcement blamed the stresser site for DDoS attacks launched against some of the biggest backs in the United Kingdom. The Ministry of Internal Affairs of the Government of the Republic of Serbia released a statement that accused the site’s operators of launching attacks against banks, government bodies, police forces, and online gaming sites.
The site’s 136,000 registered users could launch attacks for as low as $15 per attack, according to the NCA. On Webstresser.org, the cheapest option costs $18 and provides one month of access to Webstresser.org’s DDoS tools. The $18 or “Bronze” package offers one concurrent attack and a maximum of 1,200 seconds per attack.
Dutch law enforcement and the UK’s NCA led the investigation, the press releases confirmed. The site’s four primary staff—admin, m1rk, Mixerioza, and Tyrone—had internet footprints that connected them directly back to their real life identities. The police also used the group’s Facebook and Hotmail account to push the investigation forward. Investigators found that the site’s primary operator, a 19-year-old living in Zaprešić, Croatia, had hosted Webstresser.org on a server in the Netherlands.
Two Serbians were also involved in the Webstresser.org criminal organization and arrested on the same day Croatian police arrested the main suspect. A 19-year-old from Prokuplje and a 21-year-old from Ruma made up the Serbian members of the team. The Serbian press release said that the investigation had not found any other Serbian involved.
By the time the suspects realized that the police caught onto their operation, the United States law enforcement agencies had seized the domain name. Investigations are ongoing and authorities fully expect to catch the users of the site. Ten users have already been arrested, Dutch law enforcement reported.