Europol helped in the operation led by the Croatian police.
Croatian cyber-crime police officers have discovered and arrested the owner of the world’s largest illegal Internet service for DDoS cyber-attacks, the Interior Ministry announced on April 25, 2018.
Webstresser.org was the world’s largest Internet service where users were able to order Distributed Denial of Service (DDoS) cyber-attacks on owners of legal websites all over the world. With more than 136,000 registered users and four million cyber-attacks conducted by April 2018, Webstresser represented the most significant threat to vital online services offered by banks, the business sector and state institutions around the world.
Webstresser was administered by a nineteen-year-old Croatian citizen who was arrested on 24 April and was reported for suspicion of having committed a criminal offence of “Serious Criminal Offenses against Computer Systems, Programs and Data,” for which he could be imprisoned from between one to eight years.
The criminal investigation was carried out by police officers from the newly-established Cyber Security Department of the Criminal Police Administration, thereby confirming the readiness of the Croatian police to deal with the most complex forms of cybernetic threats.
In addition to the Croatian police officers, the police forces of the Netherlands, Great Britain, Canada, Serbia, Spain, Italy and Hong Kong also participated in the operation, supported by Europol. They also arrested users of the DDoS attack services. The international police cooperation was crucial for achieving excellent results of the operation carried out under the code name Manufacture.
During the implementation of DDoS attacks provided by Webstresser, the attackers would remotely manage devices connected to the Internet and route a large amount of Internet traffic to a particular website or Internet platform, which would result in a slowdown of the targeted site or its complete inaccessibility. Thus, Internet service users are not able to access different online services.
Perpetrators executing DDoS attacks used to be well-versed in how Internet technology works, but with the emergence of illegal services like Webstresser that is no longer the case. Every Webstresser user was able to pay a fee through an online payment platform or by using crypto-currencies such as Bitcoin. The infrastructure that allowed DDoS attacks on user-selected websites was available for as little as 15 euro.