Online gambling sites targeted by Distributed Denial of Service attacks (DDoS) may have the last laugh as police around the globe target hunt down the perpetrators.
On Monday, global crime-fighters Europol said a joint operation was targeting end users of the WebStresser DDoS-for-hire service that the agency helped dismantle in April 2018. Launched in 2015, WebStresser had over 151k registered customers who used the service to launch around 4m DDoS attacks on websites for blackmailing purposes for the low, low monthly cost of just €15.
Europol now says that WebStresser’s demise provided the agency with “a trove of information” and “actions are currently underway worldwide to track down” the service’s end users. Europol says its Joint Cybercrime Action Taskforce (J-CAT) is working with the Dutch Politie, the British National Crime Agency and other authorities on these efforts.
In the UK, actions against local WebStresser users have resulted in the seizure of over 60 digital devices for further analysis. Other live operations targeting DDoS scammers are in the works and over 250 users of WebStresser and similar DDoS-for-hire services “will soon face action for the damage they have caused.”
Despite some enforcement successes – including the FBI’s December 2018 takedown of 15 DDoS-for-hire sites, including Downthern and Quantum Stresser – Europol expressed concern over how these “easily accessible” DDoS-for-hire services have empowered otherwise “low-skilled” individuals and “effectively lowered the entry barrier into cybercrime.”
Reports by online threat mitigation firms have routinely identified online gambling sites as among the top targets for DDoS attackers, in part due to online sportsbooks’ reliance on live sporting events. Poker sites are also routinely targeted during scheduled tournaments; last year saw eight of the top-10 poker sites targeted by major DDoS attacks over a period of just two months, leading to delays and the outright cancellation of some major events.