A website linked to more than four million cyberattacks across the globe has been shut down following an investigation led by the National Crime Agency (NCA) and the Dutch National Police, in collaboration with international law enforcement partners.

The administrators of the DDoS marketplace webstresser.org were arrested on Wednesday, and were located in the United Kingdom, Croatia, Canada and Serbia, according to Europol officials. Further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.

The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany. Webstresser.org was considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services, with over 136 000 registered users and 4 million attacks measured by April 2018. The orchestrated attacks targeted critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.

In a DDoS attack enabled by such a service, the attacker remotely controls connected devices to direct a large amount of traffic at a website or an online platform. Whether this traffic eats up the website’s bandwidth, overwhelms the server, or consumes other essential resources, the end result of an unmitigated DDoS attack is the same: the victim website is either slowed down past the point of usability, or it’s knocked completely offline, depriving users from essential online services.

It used to be that in order to launch a DDoS attack, one had to be pretty well versed in internet technology. That is no longer the case. With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters.

Fees on offer were as low as $14.99 a month, thus allowing individuals with little to no technical knowledge to launch crippling DDoS attacks.

“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online”, said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3).

“It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimising millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks,” he added.