Global police crackdown on DDoS services nets suspected teenage cybercriminals

An international law enforcement crackdown on users of cheap, widely-accessible cybercrime tools that can knock websites offline with ease has resulted in 34 arrests and 101 cautions around the world, with many of the suspects "young adults under the age of 20."

The operation, which had different titles in various jurisdictions, ran from 5-9 December and targeted individuals suspected of paying for distributed-denial-of-service (DDoS) services which can be purchased for as little as £4 on the Dark Web.

Europol, the police force of the European Union (EU), which co-ordinated the joint operation with agents from the FBI and the UK's National Crime Agency (NCA), said police aimed to deter youth into wading into the world of cybercrime by using arrests, warnings and fines.

In the UK, 12 people were arrested as part of the NCA operation – codenamed Operation Vulcanalia.

The agency focused on a type of DDoS tool known as Netspoof which offered wannabe cybercriminals "subscription packages" priced from £4 to £8,000.

This sort of service comes as part of a burgeoning "DDoS-for-hire" industry.

The NCA said that Netspoof victims included gaming providers, government departments, internet hosting companies, schools and colleges but not provide names.

Arrests included a 27-year-old male from Scotland, a 23 year-old-male from Barry, Wales, an 18 year-old male from Lancashire, a 22 year-old male from North Wales, a 30 year-old male from Peterborough, a 20 year-old male from Wokingham, a 20 year-old male from Portsmouth and a 22 year-old male from Milton Keynes.

The scale of this problem is 'truly global'

Operation Vulcanalia was based on intelligence from the West Midlands Regional Cyber Crime Unit. In total, it saw 12 arrests, 30 cease and desist notices, the seizure of computers from 11 suspects, one protective visit and the issuing of two cautions.

Jo Goodall, a senior investigating officer with the NCA's cybercrime unit, said: "These attacks pose a huge cost to the economy.

"It is not a victimless crime. It can cost very little to buy this illegal software so these attacks can now be launched by the relatively unskilled and almost anyone with a grievance. The scale of the problem is truly global. It requires worldwide co-operation which we have seen on this job with the focus on arresting those who won't change their ways, and trying to prevent those who will from future offending."

The complex operation was supported by Europol's European Cybercrime Centre (EC3) and included police forces in Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the UK and the US.

"Today's generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime," said Steven Wilson, head of the EC3.

"One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose."

In the US, the FBI issued a statement detailing the case of 26-year-old student from California called Sean Sharma, who was among the suspected detained in the sweep. He was arrested on 9 December and now faces up to 10 years in prison.

"DDoS tools are among the many specialised cybercrime services available for hire that may be used by professional criminals and novices alike," said Steve Kelly, an FBI unit chief.

"While the FBI is working with our international partners to apprehend and prosecute sophisticated cyber criminals, we also want to deter the young from starting down this path."