Europol, the Federal Bureau of Investigations, and other law enforcement agencies have arrested 34 individuals who paid for DDoS-for-hire services.
On 12 December, the Europol’s European Cybercrime Centre (EC3) announced it worked with law enforcement authorities from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom, and the United States to target users of distributed denial-of-service tools.
Together, the countries arrested 34 such individuals and interviewed 100 more between 5 December and 9 December as part of the European Multidisciplinary Platform against Criminal Threats (EMPACT), a framework which is designed to protect critical infrastructure and information systems in the EU.
Great to team up w/@FBI for another successful #cybercrime operation! International cooperation is vital to effectively tackle cybercrime 👊 https://t.co/mQSqh8Ze23
— Europol (@Europol) December 13, 2016
Amongst those the FBI arrested was Sean Sharma, a 26-year-old graduate student at the University of Southern California, for having used DDoS tools like booters and stressers to take down a San Francisco chat service company’s website. Many of the other detained were less than 20 years old.
Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), notes that it’s up to law enforcement to steer individuals like Sharma away from committing computer crime.
As quoted in Europol’s statement:
“Today’s generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities from a young age, unaware of the consequences that such crimes carry. One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose.”
This takedown, dubbed Operation Tarpit, reaches back to Operation Vulcanalia, another effort launched in the United Kingdom.
As part of that older investigation, the National Crime Agency (NCA) arrested Grant Manser, 20, of Kidderminster, a town near Birmingham, for managing the DDoS stresser Netproof that according to Bleeping Computer generated £50,000 (US $63,200) from its nearly 13,000 users.
A UK judge ultimately tried Manser and sentenced him to two years in youth detention. It would now appear Europol and others are using a database obtained from Manser to go after Netproof’s users one by one and take some form of action against them.
By no means is this the first time authorities have made a DDoS-related arrest. But many of those previous investigations usually involve DDoS botnet operators.
In this case, authorities went after users of DDoS-for-hire services, which goes to show law enforcement’s patience with crimeware is wearing thin.
The arrests come at the same time as a campaign that’s designed to move tech-savvy teenagers away from a life of crime. As Europol explains:
“The teenagers that become involved in cybercrime often have a skill set that could be put to a positive use. Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas.”
Our world is at no loss for digital threats today, so let’s hope Europol succeeds in persuading some of those individuals to join the good fight.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.