Professional Door Service
At the beginning of 2018, things looked as if they were about to snowball out of control. It seemed every week there was a new critical vulnerability affecting an IoT device or enterprise solution, which was quickly followed by a newly discovered botnet variant leveraging the same recently disclosed vulnerability. Bot herders were moving quickly: by February 2018 the Memcached vulnerability was leveraged within 24 hours of its disclosure, launching a record-breaking DDoS attack. Eight days later, it was incorporated into one of the more notorious DDoS-for-hire services at the time, Defcon[.]pro.
Soon after, federal agents around the world began working to dismantle the DDoS-for-hire industry. They arrested operators and users of these illegal services.
On April 24, 2018, Dutch Police, the United Kingdom’s National Crime Agency, and Europol , in addition to other law enforcement agencies around the world, launched Operation Power Off, aimed at arresting the administrators of the DDoS-for-hire service, Webstresser[.]org. Agents seized the domain and arrested the administrators in the United Kingdom, Croatia, Canada, and Serbia. In addition, law enforcement agencies globally also targeted the users of the service. In total, Webstressers had 136,000 registered users who launched a total of 4 million cyerattacks.
On December 20, 2018, the United States Department of Justice announced that they seized 15 domains associated with DDoS-for-hire services and arrested the administrators behind the attack platforms .