Monday, October 7, 2024
HomeCyber AttackUK Police Setup Thousands of  Fake DDoS-For-Hire Websites

UK Police Setup Thousands of  Fake DDoS-For-Hire Websites

Published on

The National Crime Agency (NCA) of the United Kingdom revealed that it had built several fake DDoS-for-hire service websites to track down cybercriminals who use these platforms to attack businesses.

Also, this declaration follows the Agency’s decision to designate one of the sites now maintained by officers as a criminal service as part of a sustained programme of activities to disrupt and undermine DDoS.

Booter Services Are a Key Enabler of Cyber Crime

- Advertisement - EHA

DDoS-for-hire services, sometimes known as ‘booters,’ are online platforms offering to produce huge garbage HTTP requests towards a website or online service in exchange for money that overwhelm the webserver and take it offline.

DDoS attacks, designed to overwhelm websites and force them offline, are illegal in the United Kingdom under the Computer Misuse Act of 1990.

People who want to take down a website or disrupt an organization’s operations purchase these illegal services for various motives, including espionage, revenge, extortion, and politics.

Numerous thousands of people allegedly visited NCA’s fake websites, which had the appearance of an actual booter service. However, they only served to gather data on people who wanted to use these services rather than to provide access to DDoS tools.

After users register, however, their information is compiled by investigators rather than being provided access to cybercrime tools.

The NCA cautions that numerous fake law enforcement-operated booter sites are still being utilized to accumulate data on cyber criminals. 

Alan Merrett from the NCA’s National Cyber Crime Unit said: “Booter services are a key enabler of cybercrime.

“We will not reveal how many sites we have, or for how long they have been running. Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?”

These fake sites are part of “Operation PowerOFF” and progressing universal law enforcement, including the US FBI, the Dutch National Police Corps, the U.K. National Crime Agency, Germany’s Federal Criminal Police Office, and Polan’s National Police Cybercrime Bureau.

This splash page advises clients that their information has been collected and law enforcement authorities will soon contact them.

Banner has been seen by visitors of the fake DDoS-for-hire site

“National Crime Agency has collected substantial data from those who accessed our domain. We will share this data with International Law Enforcement Enforcement for action. Law Enforcement will contact individuals in the U.K. who engaged with this,” reads the NCA splash page on the fake DDoS booter site.

“National Crime Agency has been and will run more services like this site.”

“Operation PowerOFF has already resulted in the arrest of numerous individuals and continues to ensure that users are being held accountable for their criminal activity.”

Last year in December, the U.S. Department of Justice and the FBI reported the seizure of 48 domains that sold “booter” services in “Operation PowerOFF.”

Because of that action, the authorities charged six suspects for their coordinated involvement in these unlawful services.

The NCA clarifies that while takedowns and arrests are still a vital component of the battle against the danger, their most recent strategies expand the effectiveness of their operations to weaken belief in criminal markets and stop DDoS assaults at their source.

Searching to secure your APIs? – Try Free API Penetration Testing

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...