The National Crime Agency (NCA) of the United Kingdom revealed that it had built several fake DDoS-for-hire service websites to track down cybercriminals who use these platforms to attack businesses.
Also, this declaration follows the Agency’s decision to designate one of the sites now maintained by officers as a criminal service as part of a sustained programme of activities to disrupt and undermine DDoS.
Booter Services Are a Key Enabler of Cyber Crime
DDoS-for-hire services, sometimes known as ‘booters,’ are online platforms offering to produce huge garbage HTTP requests towards a website or online service in exchange for money that overwhelm the webserver and take it offline.
DDoS attacks, designed to overwhelm websites and force them offline, are illegal in the United Kingdom under the Computer Misuse Act of 1990.
People who want to take down a website or disrupt an organization’s operations purchase these illegal services for various motives, including espionage, revenge, extortion, and politics.
Numerous thousands of people allegedly visited NCA’s fake websites, which had the appearance of an actual booter service. However, they only served to gather data on people who wanted to use these services rather than to provide access to DDoS tools.
After users register, however, their information is compiled by investigators rather than being provided access to cybercrime tools.
The NCA cautions that numerous fake law enforcement-operated booter sites are still being utilized to accumulate data on cyber criminals.
Alan Merrett from the NCA’s National Cyber Crime Unit said: “Booter services are a key enabler of cybercrime.
“We will not reveal how many sites we have, or for how long they have been running. Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?”
These fake sites are part of “Operation PowerOFF” and progressing universal law enforcement, including the US FBI, the Dutch National Police Corps, the U.K. National Crime Agency, Germany’s Federal Criminal Police Office, and Polan’s National Police Cybercrime Bureau.
This splash page advises clients that their information has been collected and law enforcement authorities will soon contact them.
“National Crime Agency has collected substantial data from those who accessed our domain. We will share this data with International Law Enforcement Enforcement for action. Law Enforcement will contact individuals in the U.K. who engaged with this,” reads the NCA splash page on the fake DDoS booter site.
“National Crime Agency has been and will run more services like this site.”
“Operation PowerOFF has already resulted in the arrest of numerous individuals and continues to ensure that users are being held accountable for their criminal activity.”
Last year in December, the U.S. Department of Justice and the FBI reported the seizure of 48 domains that sold “booter” services in “Operation PowerOFF.”
Because of that action, the authorities charged six suspects for their coordinated involvement in these unlawful services.
The NCA clarifies that while takedowns and arrests are still a vital component of the battle against the danger, their most recent strategies expand the effectiveness of their operations to weaken belief in criminal markets and stop DDoS assaults at their source.
Searching to secure your APIs? – Try Free API Penetration Testing