Europol announced today that law enforcement agencies around the globe arrested 34 users and questioned and warned 101 more on charges of launching DDoS attacks using DDoS-for-hire services.

The suspects, mostly under the age of 20, are accused of renting DDoS booters (also called DDoS stressors) to launch DDoS attacks against gaming providers, government agencies, internet hosting companies, schools and colleges.

Law enforcement agencies in Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States participated in this action, codenamed Operation Tarpit.

Netspoof DDoS-for-hire service at the heart of Operation Tarpit

At the source of Operation Tarpit is Operation Vulcanalia, an older investigation by the UK's National Crime Agency (NCA) into the activity of a DDoS-for-hire service called Netspoof.

Behind Netspoof was a UK teen, Grant Manser, 20, of Kidderminster, a town near Birmingham, who between January 2012 and November 2014 created and managed Netspoof and three other DDoS booter services: Dejabooter, Vexstresser, and Refinedstresser.

Authorities said Manser made around £50,000 ($63,200) from his DDoS-for-hire services, and that his operations grew so large that he had to hire support staff.

According to court documents, Manser's sites had 12,800 registered users, of which 400 bought his tools, launching 603,499 DDoS attacks on 224,548 targets.

UK Police said Manser charged between £4.99 and £20 ($6.3 and $25), and payments were handled via PayPal. Authorities eventually tracked down Manser through his PayPal accounts.

Netspoof DDoS booter website (Credit: Sam Bowne)

In April 2016, a UK judge sentenced Manser to two years youth detention suspended for 18 months, 100 hours of community work and a fine of £800 ($1,130).

The judge said he went easy on Manser because he built safeguards in his tools to prevent users from attacking police, hospitals, and other government institutions. The judge was also impressed that Manser saved his money, instead of blindly spending it on lavish objects such as cars and jewelry, like other crooks.

Netspoof database used to go after aggressive DDoS attackers

It appears that the NCA is now using the data they obtained from Netspoof to go after Manser's clients, one by one, with the help of Europol and other agencies around the world.

According to the Europol statement, investigators are only warning one-time users, and aggressively going after repeat offenders, meaning users who used the service multiple times.

For example, Romania's DIICOT (Directorate for Investigating Organized Crime and Terrorism) has arrested a suspect who, starting in 2013, had launched over 2,000 DDoS attacks totaling over 250 hours.

Europol launches educational campaign about DDoS-for-hire services

Europol is using these mass arrests to kick off a prevention campaign in all member countries aimed at educating parents and teenagers about the dangers of renting DDoS-for-hire services, and the side-effects a criminal investigation could have on the lives of teenagers that act on a grudge against an online entity.

"The teenagers that become involved in cybercrime often have a skill set that could be put to a positive use," said Europol. "Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas."

An in-depth study about why and how teenagers take up cybercrime activities was also made available.
