Brits Slap Wrists of DDoS Kids, via NCA’s Fake Booter Sites

UK National Crime Agency nips it in the bud: Aims to scare straight naughty DDoS kiddies.

As part of the international Operation PowerOFF, the NCA is running fake DDoS-for-hire service websites, a/k/a booters. The NCA’s National Cyber Crime Unit (NCCU) sounds proud of what it’s achieved so far.

The theory goes that an early slap on the wrist can stop people becoming hardened cybercriminals. In today’s SB Blogwatch, we’re a tiny bit skeptical, your majesty.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Epic trailer.

UK NCA: No Way

What’s the craic? Bill Toulas reports—“UK creates fake DDoS-for-hire sites to identify cybercriminals”:

Operation PowerOFF
DDoS-for-hire services … are online platforms offering to generate massive garbage HTTP requests towards a website or online service in exchange for money that overwhelm the webserver and take it offline. [They] are bought by people aiming to take down a site or disrupt an organization’s operations for various reasons, including espionage, revenge, extortion, and political reasons. … They allow anyone to commit cyber offenses with little effort.

After successfully infiltrating the cybercrime market and gathering information about those purchasing illegal services, the [NCA] revealed the operation by displaying a splash page on only one of its fake sites. [But] many fake law enforcement-operated booter sites are still being used to gather information. … The tactic of uncloaking only one … instills fear and doubt in the entire community.

These fake sites are part of “Operation PowerOFF,” an ongoing international law enforcement involving the US FBI, the Dutch National Police Corps, the UK National Crime Agency, Germany’s Federal Criminal Police Office, and Poland’s National Police Cybercrime Bureau. Users based in the UK will be contacted by the NCA, while the data of [others] will be passed to the corresponding law enforcement forces.

Let’s take the story further. All aboard the Brian Krebs cycle—“UK Sets Up Fake Booter Sites To Muddy DDoS Market”:

Computer Fraud and Abuse Act
The … NCA has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. … The NCA declined to say how many phony booter sites it had set up, or for how long they have been running.

The NCA campaign comes closely on the heels of an international law enforcement takedown: … In mid-December 2022, the U.S. Department of Justice (DOJ) announced “Operation Power Off,” which seized four-dozen booter business domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services. In connection with that operation, the NCA also arrested an 18-year-old man suspected of running one of the sites.

The NCA says hiring or launching attacks designed to knock websites or users offline is punishable in the UK under the Computer Misuse Act 1990. … According to U.S. federal prosecutors, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act.

Horse’s mouth? The NCA NCCU’s Alan Merrett—“NCA infiltrates cyber crime market”:

Why take the risk?
Well, it has taken two years to get here, but finally [we] can reveal counter-DDoS activity which has been undertaken for a period of months now. This operation is still ongoing, but to date there has been considerable success and it is anticipated that such activities will provide further tools in the cyber toolbox for the NCCU to deploy.

Booter services are a key enabler of cybercrime. The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime. … Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust.

We will not reveal how many sites we have, or for how long they have been running. … People who wish to use these services can’t be sure who is actually behind them, so why take the risk?

Is this a good idea? Nextgrid applauds the operation and suggests a further step:

One of the very few times a police force appears to be doing something effective when it comes to cybercrime. I wish they’d do a lot more honeypot operations — a lot of cybercrime is very low-level, perpetuated by kids with no/poor opsec.

Establishing honeypot presence on the major hacking forums where these kids congregate would do wonders. Not only will it yield actual leads for more serious cases, but would reduce crime to begin with if the markets become saturated with honeypot services in such a way that finding a real, “legit” one becomes impossible.

Although it’d be hard to prove a crime’s been committed. That’s not the point, says Zocalo:

What they’ve done … is put some red flags against a several thousand names that have, in effect, already received their first legal warning, and therefore are going to get a lot less sympathy from a court if they subsequently get caught and prosecuted for cybercrime later. There’s also the possibility that a few of the people they ID might already be on similar watchlists or under caution which might lead to actual prosecutions.

It’s not a bad idea, really. Low cost, low effort and, IMHO, a low level of deterrence factor too. But the real value is probably going to be those red flags and watchlists for any subsequent prosecutions of those that … continue on down the cybercrime rabbit hole.

But Shadow Lurker thinks it’s mere security theater:

The handful of people who don’t use a throwaway email or a VPN/Proxy/TOR when signing up to these type of sites will just learn they should have—and know for their next attempt. … A lot of effort by the authorities which will achieve very little.

Did someone say “VPN”? That gives halo an idea:

I wonder how many VPN providers are secretly government honeypots. … I suspect most of them.

I’m not a lawyer, but this sounds a lot like entrapment. No it doesn’t, admonishes quonset:

You answered your own question. Since you’re not a lawyer, and apparently haven’t studied the basics of law, entrapment occurs when someone is enticed to do something they weren’t already disposed to do.

Meanwhile, Z sounds slightly sarcastic:

The citizens of the UK can rest easier knowing their chances of getting booted off while playing Minecraft have decreased a whole 0.001%.

And Finally:

Georgie LaFridge FTW

CW: A couple of minor swears

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: UK House of Lords (Open Parliament Licence; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 595 posts and counting.See all posts by richi