OperationPowerOff

What kind of prosecution are the users of this service going to face?

The charges they face depend on many things like the laws of the country they live in, their age, the number of attacks they have committed and other circumstances.

DDOS websites like this are notorious for being used by "script kiddies" - generally young people with little idea of what they are doing, technically and morally. Have you any ideas on how to prevent this kind of behaviour? Is it a matter of education?

Together with cyber security companies and partners within the legal system, the Dutch Police and The Public Prosecutors Office currently work on a new legal intervention, called "Hack_Right", for young first cyber offenders, exactly for the reasons you mention. Prevention of re-offending by offering a combination of restorative justice, training, coaching and positive alternatives is the main aim of this project. See page 24 of the 5^th European Cyber Security Perspectives and stay tuned on our THTC twitter account #HackRight!

AND we are working on a media campaign to prevent youngsters from starting to commit cyber crimes in the first place. Expect a launch soon.

~SA1

Websites that sell stressers often operate under the guise of legitimacy, and there are genuine use cases for buying stressers online. How do you decide when a website is involved in malicious activity?

Stresser/booters are considered to be illegal in The Netherlands, depending on the targets and methods of attacks, under articles 138b, 350a, 350d, 161sexies of the Criminal Code. The police does not consider them a regular pentesting service since there is generally a combination of the following factors :

• there is no check up on the customers and the IP addresses and/or URL’s of targeted websites
• some attack methods are illegal by nature (e.g. use of botnets)
• administrators were active anonymously
• payments could be done anonymously
• potential targets had to pay to be put on a ‘blacklist’, which meant they could not get attacked
• administrators advised customers on which targets to hit or not hit to stay out of sight of law enforcement.

That being said, a judge will always take all circumstances into consideration when coming to a verdict.

The same is true for piracy for instance (The Pirate Bay CAN be used for legitimate torrents but in reality it isn't). However, in the Netherlands this has been a legal debate for years now where a judge has the final call. Do you see similarities between cases?

The legal grounds as well as the phenomena differ substantially, so a more or less direct analogy would not be applicable in our opinion.

~ DA1

Since there were a lot of users and most users registered anonymously, we cannot give a full overview of the demographics of the Webstresser customers. However, we did find numerous attacks on gaming servers. In general we find that a lot of cybercrimes are committed by young (ages ranging from 12 to 23) people. Not all of them are aware of the fact that they have committed a crime and/or the consequences. Others are more calculative offenders. The charges they face depend on many things like the laws in the country they live in, their age, the number of attacks they committed and other circumstances. ~ SA1

¯\_(ツ)_/¯

Edit: thanks for the heads-up Natanael!

~ DA1

Always interested in your profile. You can DM us on our THTC twitter account. ~ SA1