NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites

March 25, 2023  By Pierluigi Paganini


The U.K. National Crime Agency (NCA) revealed that it has set up a number of fake DDoS-for-hire sites to infiltrate the online criminal underground.

The UK National Crime Agency announced it has infiltrated the online criminal marketplace by setting up several sites purporting to offer DDoS-for-hire services.

DDoS-for-hire or ‘booter’ services allows registered users to launch order DDoS attacks without specific knowledge.

While the NCA-run sites were up and running, they have been accessed by several thousand people, whose registration data were obtained by the investigators. The UK authorities will contact registered users that are based in the UK and warn them about engaging in cyber crime. Information relating users that are based overseas is being passed to international law enforcement.

“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” reads the announcement. “However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.”

The activity is part of a coordinated international operation named Operation Power Off that is targeting DDoS-for-hire infrastructures worldwide.

NCA fake DDoS-for-hire sites

In December, the U.S. Department of Justice (DoJ) seized 48 domains associated with the DDoS-for-Hire Service platforms (aka Booter services) used by threat actors. The websites seized by the feds were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide.

“Booter services are a key enabler of cyber crime.” said Alan Merrett from the NCA’s National Cyber Crime Unit. “The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.”

“Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDoS-for-hire)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days

 On the third day of the Pwn2Own Vancouver 2023 hacking contest, the organization awarded $185,000 for 10 zero-day exploits. Pwn2Own...