NCA - National Crime Agency

07/22/2024 | Press release | Distributed by Public on 07/22/2024 08:21

NCA infiltrates world's most prolific DDoS-for-hire service

The National Crime Agency has infiltrated a significant DDoS-for-hire service which has been responsible for tens of thousands of attacks every week across the globe.

The disruption targeting digitalstress.su, a criminal marketplace offering DDoS capabilities, was made in partnership with the Police Service of Northern Ireland.

It comes after the PSNI arrested one of the site's suspected controllers earlier this month.

The NCA took over the site and disabled its functionality, replacing the domain with a splash page, warning users that their data has been collected by law enforcement.

This was achieved by creating a mirror site that users were directed to.

The NCA also covertly and overtly accessed communication platforms being used to discuss launching DDoS attacks, telling and showing the users of these platforms that nowhere is safe for cyber criminals to talk about their criminal activity.

One message read:

"On 2 July, a joint operation by the NCA, PSNI and FBI led to the arrest of a suspected controller of DigitalStress and we have now taken down www.digitalstress.su.

"We are watching you. Is it worth it?"

Distributed Denial of Service (DDoS) attacks, which are designed to overwhelm websites and force them offline, are illegal in the UK under the Computer Misuse Act 1990.

DDoS-for-hire or 'booter' services allow users to create accounts and order DDoS attacks within minutes. Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services such as fire, police or ambulance teams.

The administrators of digitalstress chose to place the service under a .su domain. This is an old Soviet Union domain which many criminal services use in the belief that it presents a barrier for law enforcement agencies to carry out effective investigations.

The NCA's activity, however, has shown that such domains are vulnerable and can be exploited to stop criminal activity and identify those responsible.

User information will now be analysed by the NCA for law enforcement action, and data relating to overseas users will be passed to international law enforcement.

The activity against digitalstress follows an FBI-led international operation in December 2022, supported by the NCA, targeting tools and services used to commit serious cyber attacks, which saw the takedown of 48 of the world's most popular 'booter' sites.

Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said:

"Booter services are an attractive entry-level cyber crime, allowing individuals with little technical ability to commit cyber offences with ease.

"Anyone using these services while our mirror site was in place has now made themselves known to law enforcement agencies around the world.

"Although traditional site takedowns and arrests are key elements of law enforcement's response to this threat, we are at the forefront of developing innovative tools and techniques which can be used as part of a sustained programme of activity to disrupt and undermine cyber criminal services and protect people in the UK.

"Our operations continue to demonstrate that criminals online can have no assurance of anonymity or impunity."

Detective Chief Inspector Paul Woods, of the Police Service of Northern Ireland, said:

"This is an excellent example of collaborative working.

"We will continue to work tirelessly alongside our law enforcement partners to disrupt the activities of those who use cyber technology to cause damage, whether locally or globally.

"Today's welcome announcement should send a clear message to all cyber criminals that, whatever your motive or means, you are not beyond identification and investigation."

This activity forms part of Operation Power Off, the ongoing coordinated international response targeting criminal DDoS-for-hire infrastructures worldwide.

22 July 2024