Dutch police orchestrate takedown of 15 DDoS-for-hire services

Written by

Dutch law enforcement has shut down 15 DDoS-for-hire services that were used to run cyberattacks aimed at knocking websites and networks offline.

Although they did not reveal the names of the DDoS-for-hire booters that they stopped, Police in The Netherlands were able to arrest a 19-year-old man from The Netherlands, who is suspected of orchestrating a DDoS attack against two websites that provide information on the coronavirus. The affected websites, MijnOverheid.nl and Overheid.nl, were unavailable for several hours on March 19 after being bombarded with traffic, according to the Dutch police.

“We want to protect people and companies and make it increasingly difficult for cyber criminals to carry out a DDoS attack,” the head of the cyber crime team of the Central Netherlands police, Jeroen Niessen, said in a statement on the takedown.

Dutch citizens may have found the interruptions to Overhead.nl particularly exasperating because the site is used as a “digital letterbox” to receive communications, including information about the pandemic, from the government.

“The availability of this site to citizens is crucial for the country, especially during these times,” the Dutch police said.

“By flattening a website like this, you are denying citizens access to their personal data and important government information. We take this very [seriously], especially now that the corona[virus] crisis is causing additional uncertainty and a great need for information for many people,” Niessen added.

Dutch police have been pushing in recent years to stop Distributed Denial of Service attacks, which can overload computers with so much traffic that they become inaccessible. Last year, for example, Dutch police took down a hosting company that helped cybercriminals propagate hundreds of thousands of DDoS attacks. The year prior, the U.S. Department of Justice, in concert with the Dutch police and the U.K.’s National Crime Agency, knocked down 15 internet domains used to launch DDoS attacks.

The Dutch police will continue to tackle new services, companies, and individuals involved in making DDoS attacks easier to operate moving forward, according to Niessen.

“If they pop up elsewhere, we will immediately work on it again,” Niessen said. “Our goal is to seize more and more booters.”

In the meantime, the Dutch police advised victims against paying cybercriminals behind DDoS attacks in the hopes that they call the police to investigate and hold them accountable instead.

“Don’t give the cyber criminals money, as this may seem like a quick fix to get your site back up and running, you run the risk of getting rid of them,” the police advised.