UK creates fake DDoS-for-hire sites to identify cybercriminals

The U.K.'s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations.

DDoS-for-hire services, also known as 'booters,' are online platforms offering to generate massive garbage HTTP requests towards a website or online service in exchange for money that overwhelm the webserver and take it offline.

These illegal services are bought by people aiming to take down a site or disrupt an organization's operations for various reasons, including espionage, revenge, extortion, and political reasons.

Due to these services being inexpensive and requiring no particular knowledge or experience, they allow anyone to commit cyber offenses with little effort.

NCA says several thousands of people accessed its fake sites, which had a realistic appearance as a genuine booter service. However, instead of giving access to DDoS tools, they only served to collect information about those who wished to use these services.

After successfully infiltrating the cybercrime market and gathering information about those purchasing illegal services, the agency revealed the operation by displaying a splash page on only one of its fake sites. 

However, the NCA warns that many fake law enforcement-operated booter sites are still being used to gather information on cyber criminals.

This splash page informs users that their data has been collected and that law enforcement authorities will soon contact them, as shown below.

Banner seen by visitors of the fake DDoS-for-hire site (NCA)

"National Crime Agency has collected substantial data from those who accessed our domain. We will share this data with International Law Enforcement Enforcement for action. Individuals in the U.K. who engaged with this will be contacted by Law Enforcement," reads the NCA splash page on the fake DDoS booter site.

"National Crime Agency has been and will run more services like this site."

"Operation PowerOFF has already resulted in the arrest of numerous indiiduals and continues to ensure that users are being held accountable for their criminal activity."

These fake sites are part of "Operation PowerOFF," an ongoing international law enforcement involving the US FBI, the Dutch National Police Corps, the U.K. National Crime Agency, Germany's Federal Criminal Police Office, and Polan's National Police Cybercrime Bureau.

Users based in the U.K. will be contacted by the NCA, while the data of those from abroad will be passed to the corresponding law enforcement forces.

The tactic of uncloaking only one of the several fake DDoS-for-hire sites operated by the agency instills fear and doubt in the entire community, impacting all platforms in this market.

"We will not reveal how many sites we have or for how long they have been running," comments NCA's agent, Alan Merret.

"Going forward, people who wish to use these services can't be sure who is actually behind them, so why take the risk?"

In December 2022, the U.S. Department of Justice and the FBI announced the seizure of 48 domains that sold "booter" services in the context of "Operation PowerOFF."

As a result of that action, the authorities also charged six suspects for their direct involvement in these illegal services.

The NCA explains that while takedowns and arrests are still a key component of the fight against the threat, their latest tactics extend the impact of their operations to undermine trust in criminal markets and stop DDoS attacks at their source.