U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

Cyber Security

Mar 25, 2023Ravie LakshmananCyber Crime / DDoS Attack

In what’s a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground.

“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the law enforcement agency said.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.”

The effort is part of an ongoing international joint effort called Operation PowerOFF in collaboration with authorities from the U.S., the Netherlands, Germany, Poland, and Europol aimed at dismantling criminal DDoS-for-hire infrastructures worldwide.

DDoS-for-hire (aka “Booter” or “Stresser”) services rent out access to a network of infected devices to other criminal actors seeking to launch distributed denial-of-service (DDoS) attacks against websites and force them offline.

Such illegal platforms offer a range of membership options, charging their clientele anywhere between $10 to $2,500 per month.

“Their ease of access means these tools and services have made it easier for people with low level cyber skills to commit offences,” the NCA noted back in December 2022, when a coordinated exercise led to the dismantling of 48 booter sites.

The NCA said it will not reveal the number of sites it’s operating so that individuals who plan on using such services in the future will have to consider if it’s worth the risk.

“Booter services are a key enabler of cyber crime,” Alan Merrett, a member of the NCA’s National Cyber Crime Unit, said in a statement.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

“The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.”

This is not the first time law enforcement agencies have stealthily operated fake services to combat criminal activity in the digital sphere.

In June 2021, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) revealed that they ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Samsung Galaxy S25 FE Tipped to Feature Dimensity 9400 Chipset; Could Reportedly Arrive With ‘Slim’ Design
Brazil lifts ban on X after Elon Musk complies with court orders
Elon Musk hypes $30,000 Tesla self-driving Cybercab and larger Robovan at robotaxi event
Apple Adds Support for Wired Xbox Controllers on iPhone, iPad and Mac With Latest Update: Report
Apple Watch Series 10 Teardown Reveals Battery Capacity, Other Details; Gets Poor Repairability Score