Cyber Security

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

Mar 25, 2023Ravie LakshmananCyber Crime / DDoS Attack

In what’s a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground.

“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the law enforcement agency said.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.”

The effort is part of an ongoing international joint effort called Operation PowerOFF in collaboration with authorities from the U.S., the Netherlands, Germany, Poland, and Europol aimed at dismantling criminal DDoS-for-hire infrastructures worldwide.

DDoS-for-hire (aka “Booter” or “Stresser”) services rent out access to a network of infected devices to other criminal actors seeking to launch distributed denial-of-service (DDoS) attacks against websites and force them offline.

Such illegal platforms offer a range of membership options, charging their clientele anywhere between $10 to $2,500 per month.

“Their ease of access means these tools and services have made it easier for people with low level cyber skills to commit offences,” the NCA noted back in December 2022, when a coordinated exercise led to the dismantling of 48 booter sites.

The NCA said it will not reveal the number of sites it’s operating so that individuals who plan on using such services in the future will have to consider if it’s worth the risk.

“Booter services are a key enabler of cyber crime,” Alan Merrett, a member of the NCA’s National Cyber Crime Unit, said in a statement.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

“The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.”

This is not the first time law enforcement agencies have stealthily operated fake services to combat criminal activity in the digital sphere.

In June 2021, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) revealed that they ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Adobe Experience Platform AI Assistant With Content Generation, Automation Features Now Generally Available
Realme GT 6 Confirmed to Get Snapdragon 8s Gen 3 SoC Ahead of June 20 India Launch
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Google Pixel Feature Drop for June Brings Gemini AI to More Pixel Phones Along With Other Imaging Features
Elon Musk drops suit against OpenAI and Sam Altman