Law enforcement agencies arrested 34 suspects in 13 countries, including the U.K and the U.S., as part of a crackdown last week on DDoS (distributed denial-of-service) attacks.
The arrests targeted buyers of DDoS-for-hire services, which get paid to flood websites or internet-connected systems with traffic, forcing them to go offline.
In addition to the 34 arrests, law enforcement agencies interviewed and warned another 101 individuals. Many of the suspects were under the age of 20, the European Union police agency Europol said in a Monday statement.
Most buyers of DDoS-for-hire services use them to pull pranks, often in online gaming. For example, a flood of traffic can be sent to a rival player’s IP address, severing his or her internet connection to a game.
But DDoS attacks can also be used for more malicious purposes. For example, hackers have used them to shut down online businesses as part of extortion schemes.
In more extreme cases, massive DDoS attacks can be used to disrupt the internet all across a country, like what happened in a bombardment against DNS service provider Dyn in October that slowed access to many popular websites in the U.S.
It doesn’t help that DDoS-for-hire service have made it easy for amateurs to launch such attacks. Security firm Imperva estimates that the percentage of DDoS attacks relying on these services has risen to 93 percent.
One DDoS-for-hire service targeted in last week's crackdown was called Netspoof, according to the U.K.’s National Crime Agency. It offered subscription packages for as little as $5 or as much as $480. Some customers were paying more than $10,000 to launch hundreds of attacks through the service, the agency said.
“Victims have included gaming providers, government departments, internet hosting companies, schools and colleges,” the agency said.
As part of the crackdown, the FBI detained a 26-year-old in California named Sean Sharma, an alleged buyer of a DDoS-for-hire service. He was charged with launching an attack against a website belonging to an unnamed San Francisco-based chat service. If convicted, Sharma could face up to 10 years in prison, the FBI said in a statement.
It's unclear how many DDoS-for-hire services were shut down as part of last week's crackdown. But the investigation also involved authorities in France, Spain, other European countries, and Australia.