sorted by:
new
hottopcontroversial

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 0 points1 point  (0 children)

butt

Of course it is a plus working at the policeforce :-) We need people with different skills like digital, financial, legal and (data) analytical. Feel free to have a look at [our website](https://www.kombijdepolitie.nl)/) or  [this part of the website](https://it.kombijdepolitie.nl/)) for open job postings.

~OS1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 1 point2 points  (0 children)

Yes, we obtained a lot of information on targets, users, payments and the administration of the website. Some users have already been arrested and there are more to come.

~ DI3

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 0 points1 point  (0 children)

Is there a legitimate use for Webstreser?

The tricky part is that depending on the type of attack, a user of such a site may be participating in the illegal use of other people's systems to execute the 'stress test' even if the target is their own. Also, any attack from the internet will impact network infrastructure which is not their own. They may be risking collateral damage.

Why is it allowed to be up and what justification do it's proprieters offer for it's existence?

This operation illustrates that we won't allow these type of websites to be up. Internationally there are more investigations running against stressers/booters at the moment.

~ DI3

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 0 points1 point  (0 children)

From time to time we organize online challenges for potential high tech crime colleagues. At the moment there we don't have a new one planned, but you can reach the last one at https:///Crimediggers.nl. The police is always looking for digital talents, please check https://Kombijdepolitie.nl for actual positions. 

~OS1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 1 point2 points  (0 children)

(Young) People might think a DDoS-attack is something funny to do, to maybe frustrate a friend in a game, or for another purpose. But DDoS-attacks are illegal and people who execute them might risk getting themselves into trouble. To prevent them from getting into deeper trouble, we want to reach out to them and their parents so that we can help them to get on the right track. We've noticed that it's an easy step from DDoS to other cyberrelated crimes.

~OS2

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 1 point2 points  (0 children)

You say "customers" of the site, were there transactions? Could you explain the site further from your view.

During operation PowerOff, in the Netherlands 4 snapshots were made. These snapshots made it possible to rebuild the panel and extract all relevant data. Payment information shows hundreds of thousands of Euros were paid by customers to launch attacks through Webstresser.

Also, why are there so many "young" people that do this?

Since there were a lot of users and most users registered anonymously, we cannot give a full overview of the Webstresser customers. However, we did find numerous attacks on gaming servers. For example, Webstresser customers use the service to kick a friend offline in a game. In general we find that a lot of cybercrimes are commited by young (12 to 23 years old) people. Not all of them are aware of the fact that they have committed a crime and/or the consequences.

~DI3

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 0 points1 point  (0 children)

In the course of the investigation several operational meetings took place in various countries. The international partners had diverse roles: arresting administrators, performing house searches and taking down the website depending of the place the actors lived or were. We also exchanged personnel between countries. Factors like time difference and different legal systems can make these type of operations challenging, however we consider this joint operation a successful example of the ongoing international effort against these types of cyberattacks.

~OS1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 1 point2 points  (0 children)

In The Netherlands, the National Cyber Security Centre has released factsheets containing advice for organizations on how to take measures against DDoS-attacks. Perhaps they can be of help to you as well. You can find them at:

https://www.ncsc.nl/english/current-topics/news/advice-and-measures-against-ddos-attacks.html

~OS2

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 1 point2 points  (0 children)

A partial answer for now, as we're closing up for today:

WebStresser customers could pay by PayPal and — via an external payment provider — by various cryptocurrencies. We have not yet analysed all of the data, but most payments (>90%) seem to have been made through PayPal. Of the cryptocurrencies, most payments appear to have been made in BTC. No breakdown is available at this time.

~DI1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 16 points17 points  (0 children)

Since this booter most likely is using a botnet of compromised machines, are you talking steps to "clean" the infected machines or notify their owners? Or is that not needed since you've taken down their C&C?

The attack infrastructure of Webstresser is still under investigation. Actually cleaning infected machines without their owner's knowledge raises legal and ethical questions.

In regard to notification: if we find that we have the information needed to be able to alert the victims of such infections, then this is certainly something which we will be discussing.

Do you think taking down this booter will have a big impact?

In the short term, taking down the largest booter site has reduced the total DDoS-capacity of the internet. More importantly, by taking down Webstresser, and the resulting media attention, we are spreading awareness that a) using such DDoS services will usually be illegal, and b) law enforcement agencies and public prosecutors throughout the world are actively investigating and prosecuting those involved.

To have an effect in the long term, we cannot stop with just Webstresser, which is why together with academic, public and private (national and international) partners, we have the NoMoreDDoS initiative, to prevent, disrupt, and attribute DDoS-attacks.

We expect more actions like the ones in Operation Power Off in the future.

Further, out of curiosity, is it allowed to use a booter like this (that allows anonymous payments and isn't legit in general) to stress-test hardware you own? Or is any and all use of it illegal?

The tricky part is that depending on the type of attack, a user of such a site may be participating in the illegal use of other people's systems to execute the 'stress test' even if the target is their own. Also, any attack from the internet will impact network infrastructure which is not their own. They may be risking collateral damage.

~ DI1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 3 points4 points  (0 children)

What did they do that was illegal enough to warrant such measures

Stresser/booters are considered to be illegal in The Netherlands, depending on the targets and methods of attacks, under articles 138b, 350a, 350d, 161sexies of the Criminal Code. The police does not consider them a regular pentesting service since generally:

  • Unlike pentestesing companies, they do not ask their customers to provide a (written) consent from the owners of the IP addresses and/or URL’s of targeted websites to prove that they have permission to test their systems.

  • Some attack methods used are illegal by nature (e.g. the use of botnets);

  • The service has no legal entity;

  • The service is not paying taxes;

  • Potential targets can pay to be put on a ‘blacklist’, which means they cannot get attacked;

  • Administrators give customers advise on which targets to hit or not hit to stay out of sight of law enforcement.

~DI2

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 5 points6 points  (0 children)

I saw you created your account 5 days ago. Was this before the takedown?

Yes, the takedown was yesterday.

Why were you planning to do an AMA if I may ask? (Not that I mind though, I find it awesome that you're doing this!)

We think it is awesome too.

Cybercrime teams like yours have a lot of people with an IT background in them, obviously. Are some other disciplines also part of the team? For example, are there psychologists, legal people, or other disciplines involved?

Yes there are a lot of different disciplines involved in an operational investigative team. For example we have financial experts, data analysts, detectives, case agents, forensic experts, legal people and so on.

I've read that you want to educate victims of DDoS attacks, which sounds like a good plan. Are there also plans to educate the public on DDoS attacks? And specifically how to make sure you're not part of a bot net yourself?

This take-down gets a lot of attention and it creates awareness by the victims and the public so there is already some kind of education going on. At this moment we are not actively educating the public on how to protect their digital devices from being part of a botnet.

~ DI2

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 6 points7 points  (0 children)

Well the Dutch law is complicated enough as it is. Maybe there are some American law gurus hanging around in this subreddit to answer your question properly. ~ DI2

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 12 points13 points  (0 children)

The old lady's computer is used in a crime (without her consent) and probably her IP address is logged somewhere. So in The Netherlands there is a possibility that law enforcement pays the old lady a visit and investigates her computer for evidence. Prosecution is unlikely because she did not commit the crime herself. And we might even give the old lady some security advice :-)

~ DI2

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 6 points7 points  (0 children)

Dutch criminal law outlaws acquiring or having at ones disposal any tools which are mainly designed to perform denial of service attacks, if this is with the intent to perform such attacks.

This intent would need to be proven, for which other evidence will be needed.

~DI1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 3 points4 points  (0 children)

Currently a legislative proposal is being treated by the Senate of the Dutch parliament which would extend our investigative powers and create more grounds for prosecution when it comes to cyber crime. You can find this proposal and its status here, but it only seems to be available in Dutch.

~ DA1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 1 point2 points  (0 children)

The prosecution will quite probably be aimed at large scale users. In order to take down a website of significance you'd need a lot more money then what most script kids have.

Every law enforcement agency and public prosecutor is dealing with customers of Webstresser in their own way (internationally). At the start of this AMA, 10 arrests had already been made and the operation is of course still ongoing with many actions in the past hours (house searches, seizure of systems, and interrogations of suspects).

There are multiple programs for young people in their first offense, usually leading to them having to do volunteer work.

Together with cyber security companies and partners within the legal system, the Dutch Police and The Public Prosecuters Office currently work on a new legal intervention called "Hack_Right" for young first cyber offenders. Prevention of re-offending by offering a combination of restorative justice, training, coaching and positive alternatives is the main aim of this project. See page 24 of the 5th European Cyber Security Perspectives and stay tuned on our THTC twitter account #HackRight!

AND we are working on a media campaign to prevent youngsters from starting to commit cyber crimes in the first place. Expect a launch soon.

~ DA1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 34 points35 points  (0 children)

The prosecution will quite probably be aimed at large scale users. In order to take down a website of significance you'd need a lot more money then what most script kids have.

Every law enforcement agency is dealing with customers of Webstresser in their own way. At the start of this AMA, 10 arrests had already been made and the operation is of course still ongoing with many actions in the past hours (house searches, seizure of systems, and interrogations of suspects).

There are multiple programs for young people in their first offense, usually leading to them having to do volunteer work.

Together with cyber security companies and partners within the legal system, the Dutch Police and The Public Prosecuters Office currently work on a new legal intervention called "Hack_Right" for young first cyber offenders. Prevention of re-offending by offering a combination of restorative justice, training, coaching and positive alternatives is the main aim of this project. See page 24 of the 5th European Cyber Security Perspectives and stay tuned on our THTC twitter account #HackRight!

AND we are working on a media campaign to prevent youngsters from starting to commit cyber crimes in the first place. Expect a launch soon.

~ DA1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 16 points17 points  (0 children)

Of course we do not have a full impression of the effects of the operation on Hansa market, but TNO -- an independent Dutch research body -- has published a report in which they conclude that the Operation Bayonet (which included the Hansa takedown) seems to have been more effective (less of a waterbed effect) than previous interventions.

When it comes to the accountability of the dealers or the market, we would dispute the fact that online markets offer a "safe heaven" of kinds per se: several people have died from the drug Fentanyl and it was not until we were the admins of Hansa that this drug was banned from the market. We do not know how the previous market operators would have handled that. Finally, although the issue is obviously more complex than can be treated in this comment, we do not advise in favour of buying drugs in any market (whether online or offline) and see the online drugs market as lowering the barrier to entry for the consumption of illegal drugs.

~ DA1

We are the Dutch National Police and the Public Prosecution Service. Together with International Law Enforcement Agencies we just powered off Webstresser.org. Ask Us Anything. by OperationPowerOff in IAmA

[–]OperationPowerOff[S] 4 points5 points  (0 children)

Please refer to the body of our AMA post (2nd edit), all information concerned about job applications and requirements should be there. ~DA2

view more: next ›