Posted on March 25, 2023 at 9:03 AM
UK regulator uses fake DDoS-for-hire sites to collect information on cybercriminals
The UK National Crime Agency (NCA) has announced that it created fake DDoS-for-hire websites. The regulatory agency used these websites to identify the cybercriminals who used the sites to launch attacks on organizations.
UK launches fake DDoS-for-hire websites
DDoS-for-hire sites are usually visited by cybercriminals who want to launch a DDoS campaign. These sites are usually used by hackers who do not have sophisticated techniques and those looking to launch attacks in a less costly manner.
DDoS-for-hire sites are also known as booters. These online platforms allow cybercriminals to generate massive malicious HTTP requests toward a website or online service. The cybercriminals that use these sites usually sell the service for money.
DDoS campaigns can have a significant impact on an organization. The traffic sent toward these sites overwhelms the website and takes it offline. Sometimes, the hacker might demand money from the target for the DDoS campaign to end.
Illegal DDoS campaigns are usually done by people who want to take down a website or cause havoc on the operations of organizations. Multiple things, such as revenge, extortion, espionage, and political reasons, can inspire DDoS campaigns.
These services are usually less costly and do not require knowledge or experience on the cybercriminal’s part. The campaigns allow people to commit cyber offenses without much effort.
A statement by the NCA said multiple people had access to its fake websites. The websites had a realistic appearance and operated as a genuine booter service. However, instead of these sites providing access to DDoS tools, they collected data on those who visited the sites and wished to use their services.
After the NCA managed to infiltrate the hackers and gather information on the cybercriminals looking to purchase the illegal service, it informed the public of the strategy. The agency revealed this operation after displaying a splash page on one of its fake websites.
However, the NCA has also issued a warning saying that most fake booter sites operated by law enforcement are being used to collect information about cybercriminals. The splash page informs the users that their data has been gathered and that law enforcement authorities will contact them.
The NCA splash page on the fake DDoS-for-hire site says, “National Crime Agency has collected important data from those who accessed our domain. We will share this data with International Law Enforcement for action. Individuals in the UK who engaged with this will be contacted by Law Enforcement.”
The NCA has also said that it will continue operating more services, such as that website, to ensure that DDoS attacks are kept at bay. The agency also said the operation has already succeeded, as several individuals have been arrested. Moreover, the agency continued to ensure that users were held accountable for their actions.
Operation PowerOFF
The fake websites addressed by the agency are part of something called “Operation PowerOFF.” The latter is an ongoing global law enforcement operation that involves the Federal Bureau of Investigation, the Dutch National Police Corps, the UK National Crime Agency, the Polish National Police Cybercrime Bureau, and Germany’s Federal Criminal Police Office.
The NCA will contact users in the UK who accessed these sites. On the other hand, the users who accessed these locations from abroad will have the information sent to their respective law enforcement authorities.
The strategy used by the NCA to uncover one of the fake DDoS-for-hire sites run by the agency has instilled fear in the community. The move has also affected all the platforms offering this service. The NCA has said that it will not reveal the number of sites that it has and how long these sites have been operational.
The platform has also said that the move would reduce the number of people using these sites, reducing the number of attacks. In December last year, the US Department of Justice and the FBI announced the seizure of 48 domains that sold DDoS services as part of the operation.
Following this operation, the authorities charged six suspects involved in the scheme for their direct involvement in the services. According to the NCA, these takedowns were needed to fight against DDoS campaigns. The agency also said that the latest tactics extended the impact of the operations to lower tasks in the criminal market.