The UK’s National Crime Agency (NCA) has revealed that they have infiltrated the online criminal marketplace by setting up a number of websites purporting to offer DDoS-for-hire services.
The agency has chosen to identify one of the sites currently being run by officers as part of a sustained programme of activity to disrupt and undermine DDoS as a criminal service – The programme goes by the name of “Op Power Off”.
All the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.
If a user registers with an NCA-controlled site to purchase DDoS services, rather than being given access to the cyber crime tools, their data is collated by investigators and the user is shown a splash page warning users that their data has been collected and they will be contacted by law enforcement.
Users based in the UK will be contacted by the NCA or a local police force and warned about engaging in cyber crime.
Any Information relating to overseas users is passed to international law enforcement for processing.
Global effort
The NCA activity forms part of Operation Power Off, which is a coordinated international response targeting criminal DDoS-for-hire infrastructures worldwide.
In December 2022, 48 of the world’s most popular booter sites were taken offline by the FBI, following close collaboration with the NCA, Netherlands Police and Europol.
As part of that operation, the NCA arrested an 18-year-old man in Devon, who was suspected of being an administrator of one of the sites.
The sites seized in that operation were the biggest DDoS-for-hire services on the market, with one site alone having been used to carry out over 30 million attacks.
What is a DDoS?
A Distributed Denial of Service (DDoS) attack is designed to overwhelm services such as websites and force them offline, thus causing other, legitimate users to be denied the service. Such attacks have the potential to cause significant harm to businesses, and often prevent people from accessing essential public services.
DDoS-for-hire or booter services allow users to set up accounts and order DDoS attacks in a matter of minutes and “boot” people off online services.
Many online gamers turn to booter services when angry at other players – they try to target either the server they are using to boot other players off, or target individual players to slow their networks down to the point they cannot connect to the online game platform.
DDoS services are illegal in the UK under the Computer Misuse Act 1990.