Saturday, June 22, 2024

UK Police Setup Thousands of  Fake DDoS-For-Hire Websites

The National Crime Agency (NCA) of the United Kingdom revealed that it had built several fake DDoS-for-hire service websites to track down cybercriminals who use these platforms to attack businesses.

Also, this declaration follows the Agency’s decision to designate one of the sites now maintained by officers as a criminal service as part of a sustained programme of activities to disrupt and undermine DDoS.

Booter Services Are a Key Enabler of Cyber Crime

DDoS-for-hire services, sometimes known as ‘booters,’ are online platforms offering to produce huge garbage HTTP requests towards a website or online service in exchange for money that overwhelm the webserver and take it offline.

DDoS attacks, designed to overwhelm websites and force them offline, are illegal in the United Kingdom under the Computer Misuse Act of 1990.

People who want to take down a website or disrupt an organization’s operations purchase these illegal services for various motives, including espionage, revenge, extortion, and politics.

Numerous thousands of people allegedly visited NCA’s fake websites, which had the appearance of an actual booter service. However, they only served to gather data on people who wanted to use these services rather than to provide access to DDoS tools.

After users register, however, their information is compiled by investigators rather than being provided access to cybercrime tools.

The NCA cautions that numerous fake law enforcement-operated booter sites are still being utilized to accumulate data on cyber criminals. 

Alan Merrett from the NCA’s National Cyber Crime Unit said: “Booter services are a key enabler of cybercrime.

“We will not reveal how many sites we have, or for how long they have been running. Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?”

These fake sites are part of “Operation PowerOFF” and progressing universal law enforcement, including the US FBI, the Dutch National Police Corps, the U.K. National Crime Agency, Germany’s Federal Criminal Police Office, and Polan’s National Police Cybercrime Bureau.

This splash page advises clients that their information has been collected and law enforcement authorities will soon contact them.

Banner has been seen by visitors of the fake DDoS-for-hire site

“National Crime Agency has collected substantial data from those who accessed our domain. We will share this data with International Law Enforcement Enforcement for action. Law Enforcement will contact individuals in the U.K. who engaged with this,” reads the NCA splash page on the fake DDoS booter site.

“National Crime Agency has been and will run more services like this site.”

“Operation PowerOFF has already resulted in the arrest of numerous individuals and continues to ensure that users are being held accountable for their criminal activity.”

Last year in December, the U.S. Department of Justice and the FBI reported the seizure of 48 domains that sold “booter” services in “Operation PowerOFF.”

Because of that action, the authorities charged six suspects for their coordinated involvement in these unlawful services.

The NCA clarifies that while takedowns and arrests are still a vital component of the battle against the danger, their most recent strategies expand the effectiveness of their operations to weaken belief in criminal markets and stop DDoS assaults at their source.

Searching to secure your APIs? – Try Free API Penetration Testing

Related Read:


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles