Gardaí receive intelligence on thousands of hackers from Europol

The information could lead to the arrest of those involved in attacks on State websites

The webstresser.org site is thought to have been responsible for more than four million cyber-attacks, including many on Irish-based websites.
The webstresser.org site is thought to have been responsible for more than four million cyber-attacks, including many on Irish-based websites.

Garda cybercrime experts are examining a massive intelligence trove from Europol which they believe could lead to the arrest of hackers involved in attacks on Government websites.

Last year, an international operation led by Dutch police and the UK's National Crime Agency took down an online service which allowed users to launch sophisticated attacks on websites for as little as €15.

The site, webstresser.org, is thought to have been responsible for more than four million cyber attacks including many on Irish-based websites.

Europol, which coordinated the operation, has now transferred an "intelligence package" containing details of the site's 151,000 registered users, to the Garda National Cyber Crime Bureau, a spokeswoman told The Irish Times.

READ SOME MORE

The data is understood to contain details of a significant number of Irish users, including some who may have been involved in a series of seemingly co-ordinated cyber attacks on the Government in 2016.

The websites of the Central Statistics Office, the Department of Justice and the Courts Service were targeted along with the National Lottery's site.

There have been many other cyber attacks in Ireland in recent years but the majority are unlikely to be solved. The Garda believe as little as five per cent of cybercrimes are reported to gardaí.

A Garda spokesman confirmed the receipt of the data from Europol this week. No arrests have been made to date.

“The Garda National Cyber Crime Bureau has worked closely in cooperation with Europol, along with a number of other law enforcement agencies, as part of Ireland’s response to this type of activity.

“As part of this operation, officers from the Bureau are assessing information provided by Europol and investigations are ongoing.”

The webstresser.org site offered users the ability hire others to launch Dedicated Denial of Services (DDoS) attacks on a target of their choosing.

DDoS attacks involve overwhelming a website with hundreds of requests at once, causing the site to crash. It has been used as a form of petty vandalism and by online activist groups such as Anonymous.

Legislation

In the past the use of such attacks has been confined to highly-skilled computer experts who are able to access hundreds or thousands of different IP addresses.

However, sites such as webstresser.org allow people with minimal computer knowledge to find and hire expert hackers on the site’s marketplace. In return for a small sum of money, these hackers carried out DDoS attacks on behalf of users, using their existing networks of IP addresses.

Ireland is one of about 20 countries to receive intelligence from Europol about webstresser.org’s users. In the UK, police have started interviewing suspects for DDoS attacks and have seized 60 personal electronic devices.

The Garda has built up its anti-cybercrime resources in recent years in response to the number of tech companies setting up in Ireland and an increase in online fraud and child pornography offences.

However, Irish law has lagged behind. There is no specific offence covering cyber attacks such as DDoS, and the few suspects who have been prosecuted have been charged under criminal damage legislation.

Conor Gallagher

Conor Gallagher

Conor Gallagher is Crime and Security Correspondent of The Irish Times