Distributed Denial-of-service attacks have become annoyingly common over the past several years. They’ve been responsible for some major service outages, too. One knocked an entire country offline. Another crippled Internet access across the Eastern United States.
In 2018 law enforcement agencies fought back in a big way. A coordinated effort dubbed Operation Power Off resulted in the takedown of Webstresser.org, one of the largest DDoS-for-hire marketplaces around.
As a result, authorities got their hands on a treasure trove of customer information. Those customers, remember, were paying cash to launch attacks against businesses and individuals.
In the United Kingdom alone Webstresser data has led to multiple arrests and the seizure of dozens electronic devices and more are on the way. According to a Europol press release, more than 250 individuals will soon face charges.
Many may not have realized how disruptive their actions could be, especially when launching a DDoS attack is so cheap and easy to do. The reality is that DDoS attacks can create serious problems. A larger business hit by a sustained DDoS can easily run up several million dollars in costs resulting from lost productivity, sales, and remedition. A 2017 survey of 1,000 businesses revealed total estimated losses of $2.2 billion.
The losses pile up quickly, which is why agencies from 20 different countries have agreed to coordinate their efforts against DDoS service providers and users. Their cooperation led to several more successes toward the end of 2018. 17 more DDoS services were shut down in December, 15 of which were seized by the FBI.
To b clear, the battle against DDoS attacks will be an ongoing game of whack-a-mole and officials are taking a zero-tolerance approach. Europol’s release states that “size does not matter – all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain.”