Sometimes the direct approach is the best. Dutch cybercrime police have a message for almost 30 users of an on-demand distributed-denial-of-service site: “We see what you're doing, now cut it out or we're going to arrest you.” Not for the first time, the move shows police in Europe attempting to move offenders, who are often young men, away from criminality, rather than arresting them outright.
On 11 October 2021, Dutch National Police said they had issued a written warning to 29 individual hackers they have identified, telling them that if they continue to use DDoS services, they will be arrested and prosecuted. Law enforcement is also trying to point them toward a legal alternative. "The aim of the letter is to inform the recipients about the criminality and consequences and also to offer them alternatives," police say. To that end, police suggested that the letter recipients explore more positive and legal pursuits. Below are some examples:
- Gamechangers: An online site, maintained by Dutch National Police, offering ethical hacking challenges.
- Crimediggers: This fictional site allows participants to play the role of a digital specialist in a police cybercrime team, using digital forensic skills to investigate the sudden, unexpected disappearance of a Dutch politician.
- ESL Gaming: Formerly known as Electronic Sports League, ESL is an esports organizer and production company that produces video game competitions worldwide. ESL was the world's largest esports company.
- Hack the Box: The site describes itself as being "a massive, online cyber security training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills."
Police say they identified the notified individuals as part of an ongoing operation into a DDoS-on-demand (also known as stresser/booter) service, identified as www.minesearch.rip. The investigation was initiated by a games site that says it was disrupted by this stresser/booter service. Police say dozens of other reports pertaining to the same DDoS service have also been filed by other businesses as well as government authorities.
As part of their www.minesearch.rip probe, Dutch police say they searched the homes of two 19-year-old suspects in the cities of Spijkenisse and Winschoten and seized computer devices and smartphones for digital forensic analysis. "The police investigation is still ongoing," government authorities report.
On-Demand DDoS Attacks - Stresser/booter sites typically operate by using a botnet composed of malware-infected (bot-infected) systems, which can be instructed to funnel junk traffic at a designated site, in the hope of overwhelming its servers and knocking the site offline. Historically, games sites have been a regular target for DDoS attacks, especially right before the Christmas holiday. Based on past police reports and charging documents, many users and administrators of such sites are young men. Indeed, there appears to be a never-ending supply, especially of individuals in their late teens, who create and use such services.
It's not clear how many stresser/booter service users understand, or even care, that not only are DDoS attacks illegal, but that they can have serious economic consequences for a targeted business. Police are often able to recover evidence of which service users ordered the attack, following the ransom money, and tracing who paid for the attack and how. Law enforcement is getting much better at this and can often even follow cryptocurrency transactions.
The police suggestion: “Try Ethical Hacking Instead.” The letters sent by Dutch police to suspects are only the latest in a long line of such outreach efforts across Europe. As an example, in 2017 the UK’s National Crime Agency (NCA) began testing weekend rehab camps for young cybercriminals. One attendee subsequently told the BBC, "Now that I know cybersecurity exists, it sounds like it would be something I really, really want to go into. You get the same rush, the same excitement, but you are using it for fun still, but it is legal and you get paid. So, it's every kind of benefit."
As part of an intelligence investigation into the notorious Webstresser stresser/booter service, law enforcement agencies in 2018 arrested six alleged administrators and identified some of the site's 136,000 registered users, who collectively had launched more than 4 million attacks since the service's 2015 launch. Beginning in November 2018, a coalition of UK law enforcement agencies executed multiple warrants, seized dozens of devices, and issued a number of "cease and desist" notices to suspected Webstresser users.
The NCA now coordinates with local and regional police cybercrime teams in a program called Cyber Choices. The program touts that it "was created to help people make informed choices and to use their cyber skills in a legal way."
In 2018, the Netherlands police and prosecutors launched an experimental program called Hack_Right, aiming to keep first-time offenders ages 12 to 23 from graduating to more serious cybercrimes through a four-phase program (recovery, training, alternatives and coaching) that included having the offenders complete internships in IT departments. In 2019, the program received more assistance, with 20 business partners pledging support. Criminal court judges can also require offenders to work with the program as part of their sentencing or plea agreement.
"Hackers between the age of 12 and 23, who have committed a cybercrime for the first time, are given the opportunity to improve their behavior within Hack_Right," according to an overview published by Dutch security cluster Security Delta (HSD). "The youngsters get an alternative or additional punishment aimed at recovery, training and coaching. The objective of Hack_Right is preventing recidivism, and at the same time letting the youngster develop their talents, within the legal framework." About 100 young offenders per year now work with this program.
Program partners include not only Dutch police and prosecutors, but also firms such as Fox-IT, KPN, Deloitte, ING, DutchDare International, Radically Open Security and Guardian360.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or email@example.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings