Distributed Denial of Service (DDoS) attacks are on the rise, affecting individuals, private businesses and government-funded institutions alike. As part of a large warning to cybercriminals, the UK's National Crime Agency (NCA) has arrested 12 individuals for using a DDoS-for-hire service called Netspoof. "Operation Vulcanialia" targeted 60 citizens in total, and led to 30 cease and desist notices, and the seizure of equipment from 11 suspects. The NCA says it had two focuses: arresting repeat offenders and educating first-time users about the consequences of cybercrime.
The work formed part of Operation Tarpit, a larger effort co-ordinated by Europol. Law enforcement agencies from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Spain, Sweden, the UK and the US targeted users of DDoS tools together, resulting in 34 arrests and 101 suspects being interviewed and cautioned. The UK's contribution was spearheaded by intelligence gathered by the West Midlands Regional Cyber Crime Unit, and executed by Regional Organised Crime Units under the watchful eye of the NCA. Some of the arrests were detailed in a press release -- all but one was under the age of 30.
Netspoof allowed anyone to initiate potentially devastating DDoS attacks from as little as £4. Packages soared to as much as £380, however, depending on the user's requirements. It meant almost anyone, regardless of their technical background, could take down sites and services by flooding them with huge amounts of data. The trend is representative of the increase in cybercrime and how easy it is for people to wield such powers. DDoS attacks aren't comparable to hacking, but they're still a worrisome tactic for businesses. Knocking a service offline can affect a company's finances and reputation, angering customers in the process.
Twelve arrests is by no means insignificant, but it almost certainly represents a small number of DDoS users. Still, it's a warning shot from the NCA -- it's aware of the problem, and officers are putting more resources into tracking those who both use and facilitate such attacks on the internet.