Britain’s National Crime Agency (NCA) recently disclosed that it designed and created several multiple fake DDoS (Distributed denial of service) for hire service websites with the aim of identifying threat actors who employ such platforms to bombard enterprises, organisations, and educational institutions with cyberattacks.

Sometimes referred to as “booters”, DDoS for hire services are essentially online platforms that offer to aim a massive torrent of HTTP requests at an online service or website that can overwhelm a web server and knock it entirely offline.

In many cases, these criminal services are purchased by entities aiming to shut down websites or disrupt the operations of an organisation. The reasons for such activity are exceptionally diverse and range from espionage and political reasons to revenge campaigns and financial extortion.

As these services are often inexpensive to hire and require no technical experience or knowledge, they can ultimately allow any individual to launch a devastating cyberattack with ease.

Results revealed by NCA

A spokesperson for the NCA has stated that several thousands of individuals have already accessed the fake sites it has added to the web, which all appear to provide a legitimate booter service to cyber criminals. However, rather than providing access to DDoS tools, interested parties have their own details collected by the UK government agency.

After it successfully infiltrated the dark web market and gathered information about users purchasing these illegal services, the NCA revealed its operation by showcasing a splash page on just one of its bogus sites.

However, the agency warned that many false law enforcement-operated booter sites continue to remain active to harvest information on malicious actors.

The NCA splash page informs entities that the data they have inputted has been gathered and that enforcement authorities will be in touch.
The splash page reads:

“National Crime Agency has collected substantial data from those who accessed our domain. We will share this data with International Law Enforcement for action. Individuals in the U.K. who engaged with this will be contacted by Law Enforcement. National Crime Agency has been and will run more services like this site.”

Operation PowerOFF

The bogus sites are part of an ongoing international law enforcement project called “Operation PowerOFF”. It involves not only the UK’s NCA but also the FBI in the United States, the Dutch National Police Corps, the Federal Criminal Police Office in Germany, and the National Police Cybercrime Bureau of Poland.

A banner on the recent splash page revealed by the NCA to threat actors states:

“Operation PowerOFF has already resulted in the arrest of numerous individuals and continues to ensure that users are being held accountable for their criminal activity.”

Users who are based in the UK will be contacted directly by the NCA, and the data of individuals from overseas will be furthered to the corresponding law enforcement agency for their country of origin.

The strategy of uncloaking a single false DDoS-for-hire site out of many is designed to incite doubt and fear among the cybercriminal community, affecting all such platforms on the dark web.