DDoS-for-hire Cybercrime Ring Exposed – Programming Insider


The websites purported to offer “stresser” services. For a fee, they would flood their customers’ websites with traffic, revealing weaknesses that could threaten their effectiveness. But as Operation PowerOFF revealed, something darker was going on.

According to a press release from the US Attorney’s Office for the Central District of California, the ring behind the websites actually offered “booter” services, a type of Distributed Denial-of-Service (DDoS) attack aimed at taking down online services offered by businesses, governments, and others. Before being seized by the Justice Department, the sites were allegedly used to facilitate “hundreds of thousands of actual or attempted DDoS attacks targeting victims worldwide.”

“Operation PowerOFF is a multi-nation effort to shut down a collective that offered a DDoS-for-hire service,” explains Yashin Manraj, CEO of Pvotal Technologies. “The hackers repurposed outdated ransomware tools, exploited vulnerable computers and misconfigured web servers, even those of small businesses, to harness the computing power to offer services that could disrupt businesses for a fee.”

Manraj is a security expert who has built systems for the world’s top engineering firms and tackled novel engineering challenges at the nanoscale. He launched Pvotal to empower companies with sophisticated, limitless enterprises that support rapid change, seamless communication, top-notch security, and scalability to infinity. He brings to Pvotal’s clients a unique nexus for identifying and solving gaps in the product pipeline that draws on business insights and deep technical knowledge from product development, design, and coding.

“The consumers that used the ring’s services, who were mostly Americans, used these services to go after competitors, political opponents, and other services,” Manraj says. “Their goal was gaining a competitive edge, leveraging them out of a position, or disrupting their businesses.”

Operation PowerOFF targets hackers around the world

Operation PowerOFF, which was launched in 2022, brings together law enforcement agencies from around the world in a cooperative effort targeting DDoS-for-hire infrastructures. Its key partners include the US Department of Justice Computer Crime and Intellectual Property Section, Germany’s Bundeskriminalamt, the UK’s National Crime Agency, and EUROPOL. The initiative carried out on May 7 included the seizure of nine internet domains by the US Justice Department and the arrests of four site administrators by Poland’s Central Cybercrime Bureau.

“The arrests of some members of the ring’s Polish front-end office operation caused most of the international members to go dark or wash their credentials and access, at least temporarily,” Manraj shared. “However, other groups are now actively hiring and encouraging affected criminals to join them and give them access to their remaining botnet and client base, especially hacktivist organizations.”

The impact of booter attacks is far-reaching

Operation PowerOFF has found that booter attacks are used to target a wide range of organizations around the world. Victims of the attacks include schools, government agencies, financial institutions, e-commerce platforms, and gaming platforms. 

The attacks are popular because they deliver a high impact (i.e., disrupting an organization’s key online activity) at a low cost. And because hackers will perform the service for a fee, the attacks can be leveraged by those with little to no experience in the realm of cybercrime.

“One of the most surprising finds to emerge from the recent Operation PowerOFF activity is the discovery of how many hackers and hacking initiatives outsource their work — especially pro-Palestinian, anti-Trump, and pro-Russian groups,” Manraj says. “They used those services to disrupt their political opponent and push their own political agenda.”

As Manraj points out, authorities have begun to recognize booter attacks and other DDoS activity as a favorite tool of “hacktivists,” those who use hacking to pursue political or social goals. Disrupting operations, defacing websites, and releasing stolen data to the public are all types of attacks hacktivists use to draw attention to their causes.

Online ad campaigns used to deter booting

In addition to targeting the cybercriminals who carry out the booter attacks, Operation PowerOFF also aims to dissuade those who might use their services. EUROPOL revealed that law enforcement agencies are using fake booter sites to connect with those seeking out the services. The sites are meant to alert visitors to law enforcement activities focused on booter attacks and explain the possibility of prosecution.

EUROPOL also says agencies are using online ad campaigns that identify the attacks as illegal activity with costly consequences. The agencies are reportedly using Google Search ads and YouTube ads to share educational messages with those searching for DDoS-for-hire tools on those platforms.

While booter attacks generally target a specific victim, they can cause far-reaching service disruptions. The network congestion they aim to create can slow down internet traffic on shared hosting services, affecting non-targeted users and other services that depend on the network. The law enforcement activity focused on booter attacks seeks to protect targets and other users who could be affected by collateral damage.

“Booter services facilitate cyberattacks that harm victims and compromise everyone’s ability to access the internet,” explained Bill Essayli, US Attorney for the Central District of California, when announcing the recent seizures. He described the operation’s action as “a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”
