Forty-eight web domains being seized and seven people prosecuted. American and European judicial agencies have just revealed the results of the latest crackdown against denial of service attack services. Four years after the last major operation, it is therefore the return of operation “Power Off”, the name given to this international legal counter-attack against this cybercrime.
So-called network tests
These sites were used to launch “millions of denial of service attacks” worldwide, said a statement from the California Central District Attorney. If it was established, the supply of denial of service attacks was hidden behind network testing services, such as RoyalStrasser.com, Supremesecurityteam.com, SecurityTeam.io, Astrostress.com, Booter.sx, Ipstressor .com or TrueSecurityServices.io.
Aged 19 to 32, the six suspects arrested in the United States, residents of California and Alaska, must be heard by a court in early 2023. A seventh person was also arrested in the UK, Europol said in a statement on 15 December.
The example of PowerApi, a French site for denial of service attacks
This kind of service of denial of service attacks, which consists in preventing access to a site by bombarding it with connection requests, is a real problem. Inexpensive to operate, they allow people without technical skills to carry out disruptive attacks.
This case, which was tried in Paris last September, bears witness to this. As noted by ZDNET.fr Steven, a 24-year-old bakery preparer, was sentenced after a guilty plea to a one-year suspended prison sentence for launching his denial of service attack site, PowerApi.
Without computer knowledge, he had relied on the skills of Enzo, a young man living in the Var, to set up the DDoS attack site. A type of attack essentially hired – for meager financial gain – to disrupt online video game play.
Gateway to cybercrime
As Europol reminds us, denial of service attack services can indeed be purchased for the modest sum of ten euros. Likewise, it can be an easy gateway to cyberdelinquency. If the European agency insists on the seriousness of the damage that these attacks can cause – such as the paralysis of services offered by companies or institutions -, they are however at the bottom of the table of cybercrime.
Strongly promoted by hacktivists, evidenced by their current use in the conflict between Ukraine and Russia, these denial of service attacks nevertheless constitute disturbing background noise that can divert the attention of computer security managers from targeted sites, thus wasting their precious time while other, much more dangerous computer attacks threaten them.