The UK’s National Crime Agency (NCA) has revealed that it has infiltrated the online criminal marketplace by setting up several sites purporting to offer DDoS-for-hire services. The Agency has been undertaking a sustained programme of activity to disrupt and undermine distributed denial of service as a criminal service, revealing the details of one of the sites currently being run by officers.
The NCA said it replaced the site’s domain with a splash page warning users that their data has been collected and that they will be contacted by law enforcement. DDoS attacks pose a persistent threat to organizations, with a developing as-a-service cybercrime model making DDoS attacks easier for cybercriminals to carry out.
NCA-run DDoS-for-hire sites accessed by thousands
All the NCA-run sites, which the NCA said have been accessed by several thousand people so far, have been created to look like they offer the tools and services that enable cyber criminals to execute DDoS attacks. “However, after users register, rather than being given access to cybercrime tools, their data is collated by investigators,” the NCA wrote.
Users based in the UK will be contacted by the NCA or police and warned about engaging in cybercrime, with information relating to those based overseas being passed to international law enforcement, the NCA said.
“Booter services are a key enabler of cybercrime,” commented Alan Merrett from the NCA’s National Cyber Crime Unit. “The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.”
Operation Power Off continues to tackle DDoS activity
Traditional site takedowns and arrests are key components of law enforcement’s response to this threat, but the NCA has extended its operational capability with this activity, at the same time as undermining trust in the criminal market, he added. “We will not reveal how many sites we have, or for how long they have been running.”
This activity forms part of Operation Power Off, the coordinated international response targeting criminal DDoS-for-hire infrastructures worldwide. In December 2022, international police shut down dozens of popular websites that allowed paying users to launch DDoS attacks, arresting alleged administrators of the sites.