
Fake DDoS services set up to trap cybercriminals

The “online criminal marketplace” has been disrupted via several fake Distributed Denial of Service (DDoS) tools, according to an announcement from the British National Crime Agency (NCA).

Not everyone on an underground forum is up to no good. Some folks register on hacking sites and services out of curiosity. It’s not uncommon for people to register on a breach forum to check if their own data is included in whatever latest disaster is unfolding in the news. Even so, certain types of service exist which are most definitely going to get users in some form of trouble no matter the supposed intention.

This is the case with DDoS tools. A DDoS attack occurs when someone decides to effectively flood a service or site with more traffic than it can handle. The site becomes overloaded and can no longer function correctly, which leads to downtime.

It can happen to websites and gaming services, and even individual gamers in some sessions have been targeted and taken down. Paid-for DDoS tools have been around for many years, and are a very popular service for people who want to quickly perform a DDoS attack without much legwork.

However, attacks like these are illegal in the UK under the Computer Misuse Act 1990. As it turns out, they are also the focal point of the NCA’s participation in a worldwide operation designed to disrupt and panic criminal elements.

Registering for a very bad day

From the NCA’s announcement:

DDoS-for-hire or ‘booter’ services allow users to set up accounts and order DDoS attacks in a matter of minutes. Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services.

All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

Once an individual registers on the fake sites, they’re not given access to DDoS tools as they may have expected. Instead, their data is collected by the NCA. Registered users living in the United Kingdom can expect to be contacted by the NCA at a later date and given a warning about the consequences of engaging in cybercrime. Individuals outside the UK will find that their details are passed to international law enforcement.

Powering up Operation Power Off

This is all a continuation of a project called Operation Power Off, which has been running for some years now. DDoS tools are a big focus for these operations, as they’re one of many gateway entry points into the world of illegal activity.

Back in December, this same project was responsible for 48 major booter services being taken offline permanently alongside multiple arrests in the UK and US. As the NCA points out, this kind of activity helps to undermine trust in the criminal market and also makes such sites feel quite a bit less safe and anonymous. You can never really trust an underground marketplace, and that’s before you throw the spectre of law enforcement into the mix.

Indeed, a well-known forum for trading stolen data recently shut down for precisely that reason. If you’re at all curious about signing up for rogue services, take the safer option. Close that browser tab, and have a good read of the oft-linked NCA Cyber Choices page. Parents, teachers, and children of all ages can see what the risks are, how someone could get into trouble, and why it’s better to put digital talents to use in favour of something more productive.



ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.