NCA Harvests Info on DDoS-For-Hire With Fake Booter Sites

The UK’s National Crime Agency (NCA) has revealed it is running several fake DDoS-for-hire websites in a bid to disrupt this thriving part of the cybercrime economy.

The agency revealed the news after deciding to go public with one of these sites, by replacing it with a splash page warning users that their data had been collected by law enforcers.

The NCA didn’t say how many of the sites it had set up as part of the operation, but claimed that “several thousand” people had already accessed them in search of the “booter” services needed to launch DDoS attacks against targets.

Users are required to first register with the sites, which provides the NCA with useful details about each individual. It said it would be “contacting” each one to warn them about engaging in cybercrime, and would pass the details of any users outside the UK to international partners.

The NCA claimed that DDoS-for-hire or “booter” services have democratized the ability to launch attacks, so that even non-technical cyber-criminals can cause significant harm to legitimate business operations and critical national infrastructure.

The hope with this campaign is to undermine criminals’ trust in such services.

“The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offenses with ease,” explained Alan Merrett from the NCA’s National Cyber Crime Unit.

“Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.”

The fake sites are part of Operation Power Off, a coordinated international response to the threat from DDoS-for-hire sites. It scored a victory in December 2022 when the FBI, NCA and others joined forces to seize 48 domains associated with booter services, and charge six individuals with related offenses.

“We will not reveal how many sites we have, or for how long they have been running,” Merrett concluded. “Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?”
