The National Crime Agency has infiltrated a major DDoS-for-hire service responsible for tens of thousands of attacks every week worldwide.
The breach targeting digitalstress.su, a criminal DDos marketplace, was carried out in collaboration with the Police Service of Northern Ireland.
It comes after the PSNI arrested one of the site’s suspected controllers earlier this month.
The NCA took over the website and disabled its functionality, replacing the domain with a landing page warning users that their data had been collected by law enforcement.
This was achieved by creating a mirror site to which users were redirected.
The NCA has also covertly and openly accessed communication platforms used to discuss launching DDoS attacks, telling and showing users of these platforms that there is no safe place for cybercriminals to talk about their criminal activities.
One message read:
“On July 2, a joint operation by the NCA, PSNI and FBI led to the arrest of the suspected DigitalStress controller and we have now taken down www.digitalstress.su.
“We’re watching you. It’s worth it?”
Distributed Denial of Service (DDoS) attacks, which are designed to overwhelm websites and force them offline, are illegal in the UK under the Computer Misuse Act 1990.
DDoS-for-hire or “booter” services allow users to create accounts and order DDoS attacks in minutes. Such attacks can cause significant damage to businesses and critical national infrastructure, and often prevent people from accessing essential public services such as fire, police or rescue teams.
The administrators of digitalstress decided to place the service under the .su domain. This is an old Soviet Union domain that many criminal services use, believing it to be an obstacle for law enforcement to conduct effective investigations.
However, the NCA’s work has shown that these domains are vulnerable and can be exploited to stop criminal activity and identify those responsible.
User information will now be analyzed by the NCA for law enforcement purposes and data relating to overseas users will be passed on to international law enforcement agencies.
The digital stress activity follows an international FBI-led operation in December 2022, supported by the NCA, targeting tools and services used to carry out serious cyber attacks, which led to the takedown of 48 of the world’s most popular “booter” sites.
Deputy Director Paul Foster, head of the NCA’s National Cybercrime Unit, said:
“Booter services are attractive entry-level cybercrimes that allow individuals with little technical ability to easily commit cybercrimes.
“Everyone using these services when our mirror site was in place has now reported to law enforcement agencies around the world.
“While traditional shutdowns and arrests are key elements of law enforcement’s response to this threat, we are at the forefront of developing innovative tools and techniques that can be used as part of an ongoing program of activity to disrupt and undermine cybercrime and protection services across the UK.
“Our operations continue to show that online criminals can have no guarantee of anonymity or impunity.
Detective Chief Inspector Paul Woods of the Police Service of Northern Ireland said:
“This is an excellent example of cooperation.
“We will continue to work tirelessly with our law enforcement partners to disrupt those who use cyber technology to cause harm, whether locally or globally.
“Today’s welcome announcement should send a clear signal to all cybercriminals that regardless of your motive or means, you are not beyond identification and investigation.”
This activity is part of Operation Power Off, an ongoing coordinated international response targeting criminal DDoS-for-hire infrastructure worldwide.
July 22, 2024