Nationwide arrests bring in number of alleged repeat offenders—mostly young men.
Twelve people—almost all of whom are men under the age of 30—have been arrested in the past week on suspicion of repeatedly performing direct denial of service attacks, in a crackdown spearheaded by the National Crime Agency.
Cops working on Operation Vulcanalia targeted more than 60 individuals believed to have paid as little as £4 to use a DDoS suite called Netspoof, resulting in 12 arrests, 30 cease-and-desist notices, 11 suspects having computer equipment seized, and two cautions. The arrests were mostly among alleged repeat offenders, with the aim being to discourage rather than punish first-timers.
Netspoof subscription packages cost between £4 and £380, and some customers had paid more than £8,000 “to launch hundreds of attacks”—the specific sites they attacked, however, weren’t revealed by the NCA. Victims were said to include “gaming providers, government departments, Internet hosting companies, schools, and colleges.”
The agency said: “Where cybercrime has largely been seen as being committed by hackers with technical skills, stresser services allow amateurs—sometimes motivated by a grudge—to launch attacks easily and with little or no specialist knowledge.”
The operation was run nationwide, with the NCA supported by officers working for Regional Organised Crime Units (ROCUs). It was part of a wider push by Europol, named Operation Tarpit, during a “week of action” which was also coordinated with law enforcement agencies in the US and Australia.
Senior investigating officer Jo Goodall, who works at the NCA’s National Cyber Crime Unit, said the problem posed by DDoS attacks is “truly global” in scale. “These attacks pose a huge economic cost to the economy. It is not a victimless crime,” she said. “It requires worldwide co-operation which we have seen on this job with the focus on arresting those who won’t change their ways, and trying to prevent those who will from future offending.”
A survey by cyber security specialists Kaspersky Lab and researchers B2B International—cited by the NCA—which talked to more than 4,000 small and medium firms and 1,000 large businesses, found that an attack can cost more than £1.3 million for large firms and approximately £84,000 for smaller companies.
Europol’s Steven Wilson said: “Many IT enthusiasts get involved in seemingly low-level fringe cyber crime activities from a young age, unaware of the consequences that such crimes carry.
“One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path.”
Roughly 30 percent of UK businesses reported a DDoS attack last year, the NCA said. Of the agency’s twelve arrests, only one so far has led to an unnamed, 27-year-old male suspect from Hamilton, Scotland being charged under the Computer Misuse Act.