Pierluigi Paganini March 25, 2023

The U.K. National Crime Agency (NCA) revealed that it has set up a number of fake DDoS-for-hire sites to infiltrate the online criminal underground.

The UK National Crime Agency announced it has infiltrated the online criminal marketplace by setting up several sites purporting to offer DDoS-for-hire services.

DDoS-for-hire or ‘booter’ services allows registered users to launch order DDoS attacks without specific knowledge.

While the NCA-run sites were up and running, they have been accessed by several thousand people, whose registration data were obtained by the investigators. The UK authorities will contact registered users that are based in the UK and warn them about engaging in cyber crime. Information relating users that are based overseas is being passed to international law enforcement.

“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” reads the announcement. “However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.”

The activity is part of a coordinated international operation named Operation Power Off that is targeting DDoS-for-hire infrastructures worldwide.

In December, the U.S. Department of Justice (DoJ) seized 48 domains associated with the DDoS-for-Hire Service platforms (aka Booter services) used by threat actors. The websites seized by the feds were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide.

“Booter services are a key enabler of cyber crime.” said Alan Merrett from the NCA’s National Cyber Crime Unit. “The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.”

“Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDoS-for-hire)