U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

The U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground.

“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the law enforcement agency said.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.”

The effort is part of an ongoing international joint effort called Operation PowerOFF in collaboration with authorities from the U.S., the Netherlands, Germany, Poland, and Europol aimed at dismantling criminal DDoS-for-hire infrastructures worldwide.

DDoS-for-hire or ‘booter’ services allow users to set up accounts and order DDoS attacks in a matter of minutes. Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services.

All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement.

Alan Merrett from the NCA’s National Cyber Crime Unit said: “Booter services are a key enabler of cyber crime. The Distributed Denial of Service (DDoS) attacks, which are designed to overwhelm websites and force them offline, are illegal in the UK under the Computer Misuse Act 1990.

The NCA also arrested an 18-year-old man in Devon, who was suspected of being an administrator of one of the sites. The sites seized were the biggest DDoS-for-hire services on the market, with one having been used to carry out over 30 million attacks.

Dr Zakir Hussain, Cybersecurity advisor said, This is Ethical Phishing to catch a thief’s. This is not a first time to use this practice to catch bad people, law enforcement agencies have used this tactics many times including recent one In June 2021, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) revealed that they ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally.