With the festive period traditionally a time for hackers to mount Distributed Denial-of-Service (DDoS) attacks, Europol has moved to preempt them with a sweeping takedown campaign.
The agency has seized 27 of the most popular platforms, known as booter and stresser websites, used to carry out these attacks. These include zdstresser.net, orbitalstress.net, and starkstresser.net.
Three administrators have been arrested in France and Germany, and more than 300 users have been identified for action in the future, the agency confirmed.
Over the last quarter, research from Cloudflare shows the number of DDoS attacks globally has soared, up by 49% on the previous quarter, with the banking and financial services industry subject to the most attacks.
"The festive season has long been a peak period for hackers to carry out some of their most disruptive DDoS attacks, causing severe financial loss, reputational damage and operational chaos for their victims," said Europol.
"The motivations for launching such attacks vary, from economic sabotage and financial gain to ideological reasons, as demonstrated by hacktivist collectives such as Killnet or Anonymous Sudan."
Operation PowerOFF was coordinated by Europol and involved law enforcement agencies from 15 countries. Frank Tutty of the UK's National Cyber Crime Unit, said the takedown will help to “undermine trust” among cyber criminals.
"DDoS-for-hire services are a key component of cyber crime, and enable individuals with limited technical capability to offend with ease due to their ease of access and perceived anonymity," he said.
"Operation Power OFF helps to undermine trust in this criminal marketplace and make cyber criminals think twice before unleashing DDoS attacks, which can have serious consequences."
As well as taking down the websites, Europol said it was planning to launch an online ad campaign aimed at deterring people from taking part in these types of attacks.
The campaign will include Google search ads, to be displayed to young people searching for DDoS-for-hire tools on Google, as well as preventative messages aimed at young people watching YouTube tutorials on DDoS-for-hire tools.
Along with this, Europol plans to carry out ‘knock-and-talks’ and send more than 250 warning letters and 2,000 emails to users of illegal services.
"We know that Booter services are an attractive entry-level cyber crime, and users can go on to even more serious offending. Therefore, tackling this threat doesn't just involve arresting offenders, it includes steering people away from straying into cyber crime and helping them make the right cyber choices," said Tutty.
"This is why our Google ad campaign is such a crucial part of this overarching operation, preventing would-be offenders from engaging with them in the first place, in tandem with enforcement action undertaken by law enforcement partners around the world."
In October, US authorities charged two Sudanese nationals involved in a major DDoS cybercrime network known as Anonymous Sudan, following an international investigation.
The group's DDoS tool was used to launch more than 35,000 DDoS attacks over the space of a year, causing more than $10 million in damages to victims in the US alone.
