In what’s a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground.
“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the law enforcement agency said.
“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.”
The effort is part of an ongoing international joint effort called Operation PowerOFF in collaboration with authorities from the U.S., the Netherlands, Germany, Poland, and Europol aimed at dismantling criminal DDoS-for-hire infrastructures worldwide.
DDoS-for-hire (aka “Booter” or “Stresser”) services rent out access to a network of infected devices to other criminal actors seeking to launch distributed denial-of-service (DDoS) attacks against websites and force them offline.
Such illegal platforms offer a range of membership options, charging their clientele anywhere between $10 to $2,500 per month.
“Their ease of access means these tools and services have made it easier for people with low level cyber skills to commit offences,” the NCA noted back in December 2022, when a coordinated exercise led to the dismantling of 48 booter sites.
The NCA said it will not reveal the number of sites it’s operating so that individuals who plan on using such services in the future will have to consider if it’s worth the risk.
“Booter services are a key enabler of cyber crime,” Alan Merrett, a member of the NCA’s National Cyber Crime Unit, said in a statement.
“The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.”
This is not the first time law enforcement agencies have stealthily operated fake services to combat criminal activity in the digital sphere.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.