Europol officials have shut down WebStresser, a website where users could register and launch DDoS attacks after paying for a monthly plan, with prices starting as low as €15 ($18.25).
The website, considered the largest DDoS-for-hire service online, had over 136,000 users at the time it was shut down. Europol said it had been responsible for over 4 million DDoS attacks in recent years.
WebStresser admins were also arrested
Besides shutting down the website’s server infrastructure, authorities said they also arrested the site’s administrators, located in the United Kingdom, Croatia, Canada, and Serbia.
Dutch and UK cops led the investigation and were responsible for tracking down administrators and their infrastructure.
Cops seized WebStresser’s server infrastructure located in the Netherlands, the US and Germany.
Europol added that “further measures” were taken against the site’s top users, who’ve launched the most attacks in recent years. Officials didn’t reveal what these measures were but merely said the users were located in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.
WebStresser was today’s top DDoS-for-hire service
WebStresser launched in 2015, according to a source in the DDoS mitigation industry. It was initially a small-time service, but it evolved over the years.
The service gradually added support over the years for a plethora of DDoS attack types, launched a mobile app from which users could launch attacks when away from their PCs, accepted payment via PayPal and Bitcoin, and aggressively promoted its service on hacking forums and social media.
The service became extremely popular in recent years, being the first result returned on Google when searching for terms like “DDoS booter” or “DDoS stresser.”
WebStresser also had a very active Facebook page where it regularly asked users to post positive reviews of the site on YouTube for which it would reward users with free access to the service for a month. There were 2,450 YouTube videos with WebStresser mentions at the time of writing.
The Facebook page also contained messages from the WebStresser staff announcing downtime or maintenance operations. In many messages, site admins made the mistake of revealing their hosting providers’ names. For example, a Facebook post revealed that WebStresser was hosting servers at Deutscher Commercial Internet Exchange (DE-CIX), a well-known German data center located in Frankfurt. Europol said they seized servers in Germany.
Despite taking down the largest and most visible DDoS booter, there are many more similar services available online, many accessible to anyone willing to run a Google search query. The cycle will now repeat itself, with a new DDoS-for-hire service rising to take WebStresser’s name, just like WebStresser replaced vDoS as the go-to destination for buying DDoS cannons.