The National Crime Agency has today revealed that it has infiltrated the online criminal marketplace by setting up a number of sites purporting to offer DDoS-for-hire services.
Today’s announcement comes after the Agency chose to identify one of the sites currently being run by officers as part of a sustained programme of activity to disrupt and undermine DDoS as a criminal service.
The NCA replaced the site’s domain with a splash page warning users that their data has been collected and they will be contacted by law enforcement.
Distributed Denial of Service (DDoS) attacks, which are designed to overwhelm websites and force them offline, are illegal in the UK under the Computer Misuse Act 1990.
DDoS-for-hire or ‘booter’ services allow users to set up accounts and order DDoS attacks in a matter of minutes. Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services.
All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.
However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.
Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement.
Alan Merrett from the NCA’s National Cyber Crime Unit said: “Booter services are a key enabler of cyber crime.
“The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.
“Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.
“We will not reveal how many sites we have, or for how long they have been running. Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?”
This activity forms part of Operation Power Off, the coordinated international response targeting criminal DDoS-for-hire infrastructures worldwide.
In December last year, 48 of the world’s most popular booter sites were taken offline by the FBI, following close collaboration with the National Crime Agency, Netherlands Police and Europol.
The NCA also arrested an 18-year-old man in Devon, who was suspected of being an administrator of one of the sites.
The sites seized were the biggest DDoS-for-hire services on the market, with one having been used to carry out over 30 million attacks.
24 March 2023