Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

‘Operation Tarpit’ Targets Customers of Online Attack-for-Hire Services

posted by martyb on Sunday December 18 2016, @11:58AM   Printer-friendly
from the booting-the-booters dept.

Fnord666 writes:

Brian Krebs has a post on KrebsOnSecurity where he discusses a recent law enforcement crackdown on individuals using "booter" services to knock web sites offline.

Federal investigators in the United States and Europe last week arrested nearly three-dozen people suspected of patronizing so-called "booter" services that can be hired to knock targeted Web sites offline. The global crackdown is part of an effort by authorities to weaken demand for these services by impressing upon customers that hiring someone to launch cyberattacks on your behalf can land you in jail.

On Dec. 9, 2016, the U.S. Federal Bureau of Investigation (FBI) arrested Sean Sharma, a 26-year-old student at the University of California accused of using a booter service to knock a San Francisco chat service company's Web site offline.

Sharma was one of almost three dozen others across 13 countries who were arrested on suspicion of paying for cyberattacks. As part of a coordinated law enforcement effort dubbed "Operation Tarpit," investigators here and abroad also executed more than 100 so-called "knock-and-talk" interviews with booter buyers who were quizzed about their involvement but not formally charged with crimes.

[...] Stresser and booter services leverage commercial hosting services and security weaknesses in Internet-connected devices to hurl huge volleys of junk traffic at targeted Web sites. These attacks, known as "distributed denial-of-service" (DDoS) assaults, are digital sieges aimed at causing a site to crash or at least to remain unreachable by legitimate Web visitors.

"DDoS tools are among the many specialized cyber crime services available for hire that may be used by professional criminals and novices alike," said Steve Kelly, FBI unit chief of the International Cyber Crime Coordination Cell, a task force created earlier this year by the FBI whose stated mission is to 'defeat the most significant cyber criminals and enablers of the cyber underground.' "While the FBI is working with our international partners to apprehend and prosecute sophisticated cyber criminals, we also want to deter the young from starting down this path."

According to Europol, the European Union's law enforcement agency, the operation involved arrests and interviews of suspected DDoS-for-hire customers in Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom, and the U.S. Europol said investigators are only warning one-time users, but aggressively pursuing repeat offenders who frequented the booter services.

"This successful operation marks the kick-off of a prevention campaign in all participating countries in order to raise awareness of the risk of young adults getting involved in cybercrime," reads a statement released Monday by Europol. "Many do it for fun without realizing the consequences of their actions – but the penalties can be severe and have a negative impact on their future prospects."

Original Submission

 
This discussion has been archived. No new comments can be posted.
‘Operation Tarpit’ Targets Customers of Online Attack-for-Hire Services | Log In/Create an Account | Top | 7 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday December 18 2016, @12:39PM

    by Anonymous Coward on Sunday December 18 2016, @12:39PM (#442665)

    This will be about as effective as going after people who buy child porn: Not at all. There are just too many ways to conceal your activities online, and unless the government already knows about you and is targeting you specifically, the amount of effort it would take unmask everyone and defeat whatever security measures they used would be extraordinary. What a waste of time and money. It would be better to just entirely go after the ones who run these services rather than wasting resources capturing a few low-hanging fruits who were dumb enough to get caught.

  • (Score: 2) by q.kontinuum on Sunday December 18 2016, @01:00PM

    by q.kontinuum (532) on Sunday December 18 2016, @01:00PM (#442668) Journal

    I see a big difference: Hormon- or aggression-driven actions are imo impervious to deterrence. White-collar actions on the other hand are usually a matter of cost-benefit estimates. While encryption and security-efforts on the part of the perpetrator is in both cases a relevant factor, showing that some are getting caught might have an impact on white-collar crime.

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum

    • (Score: 0) by Anonymous Coward on Sunday December 18 2016, @01:23PM

      by Anonymous Coward on Sunday December 18 2016, @01:23PM (#442674)

      The difference isn't that big. We still have copyright infringement despite life-crippling lawsuits against a number of people. Even if that's not all that similar, many people think that they are immune to getting caught unlike other people and will take the risk anyway. Law enforcement can't go after everyone, after all. Trying to deter activities that can be committed in the comfort of one's own home over the Internet when even a moderate number of people wish to engage in those activities is nigh impossible. The Tough On Crime mentality just isn't enough to deter these people.

  • (Score: 2) by jcross on Sunday December 18 2016, @02:05PM

    by jcross (4009) on Sunday December 18 2016, @02:05PM (#442680)

    You may be right, but attempts to stop unauthorized drug sales and prostitution by going after the suppliers haven't worked out that well either. Of course it appears easier to go after the suppliers because there are fewer of them, but the problem is you're still left with a market which someone is going to serve, just at a higher price to account for the risk. If you go after the customer and it has any deterrence effect (which it probably will at first as the most risk-averse bail out), the net effect is to lower prices and generally make it a less attractive business to be in. I don't think either approach is going to eliminate the problem, but there's something to be said for this one.

    • (Score: 0) by Anonymous Coward on Sunday December 18 2016, @05:26PM

      by Anonymous Coward on Sunday December 18 2016, @05:26PM (#442723)

      You may be right, but attempts to stop unauthorized drug sales and prostitution by going after the suppliers haven't worked out that well either.

      Apples and oranges. Drugs & prostitution are "pleasure" related and are not a "business transaction" for the clients. These DDoS attacks are a business transaction for both parties so risk/reward, ROI, etc will come into play. Once a supplier is busted they will sell their clients out in a heartbeat. If a supplier is in fact a tarpit, well ...

  • (Score: 0) by Anonymous Coward on Monday December 19 2016, @02:41PM

    by Anonymous Coward on Monday December 19 2016, @02:41PM (#443135)

    I suggest we go one step further: to the people who sell the useless IoT crap and Micro$oft. They created this problem now make the fix it. I completely agree what they are now doing is useless whack-a-mole.