The National Crime Agency has infiltrated a cyber crime marketplace by setting up websites pretending to offer the tools needed to mount distributed denial of service (DDoS) attacks.
The sting was part of an international law enforcement response targeting criminal DDoS-for-hire infrastructures worldwide, known as Operation PowerOff.
Several thousand people have accessed these websites, which offer what are known as DDoS-for-hire, or “booter”, services. The details of people who have registered with the fake website have been collated by investigators.
The NCA has now identified one of the websites it was running, replacing it with a message that the users have had their data collected and “will be contacted by law enforcement”.
Those in the UK will be contacted by the NCA or police and warned about engaging in cyber crime, while the details of those overseas are being passed to international law enforcement.
DDoS attacks, where compromised computer systems bombard a target, such as a server or website, force the organisations targeted offline, often causing huge financial and reputational damage. These attacks are illegal in the UK under the Computer Misuse Act 1990.
“DDoS-for-hire, or ‘booter’, services allow users to set up accounts and order DDoS attacks in a matter of minutes,” said the NCA. “Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services.”
Alan Merrett from the NCA’s National Cyber Crime Unit said “booter services” are a key enabler of cyber crime. “The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease,” he said.
Merrett added that traditional site takedowns and arrests are key components of law enforcement’s response to threats, but said: “We have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.”
The NCA said it will not reveal how many sites it has or for how long they have been running. Merrett said: “Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?”
In December, the UK NCA, working alongside the FBI, the Dutch Police and European Union law enforcement agency Europol, took down 48 of the world’s most widely used booter sites suspected of being used by cyber criminals and other threat actors to conduct DDoS attacks.
Operation PowerOff also saw the NCA arrest an 18-year-old Devon man, who is suspected of being the administrator of one of the websites, and charges were also filed against six individuals in the US.
The wider operation is an ongoing, coordinated response by law enforcement targeting criminal DDoS-for-hire infrastructure. Besides the website seizures, participating agencies are also running ad campaigns targeting people searching the web for such services.
Industry partners Akamai, Cloudflare, DigitalOcean, Entertainment Software Association, Google, Oracle, Palo Alto Networks Unit 42, PayPal, Unit 221B, the University of Cambridge and Yahoo also provided assistance and intelligence in the operation.