The National Crime Agency has breached a major DDoS-for-hire service that was responsible for tens of thousands of attacks every week around the world.
The disruption, which targeted digitalstress.su, a criminal marketplace offering DDoS capabilities, was carried out in cooperation with the Police Service of Northern Ireland.
This comes after the PSNI arrested one of the site’s suspected administrators earlier this month.
The NCA took over the site, disabled its functionality and replaced the domain with a splash page warning users that their data was being collected by law enforcement agencies.
This was achieved by creating mirror sites to which users could be directed.
The NCA also accessed, both covertly and overtly, the communication platforms being used to discuss launching DDoS attacks, telling and showing users of these platforms that there is no safe place for cybercriminals to discuss criminal activities.
One message read:
“On 2 July, a joint operation between the NCA, PSNI and FBI led to the arrest of the suspected administrators of DigitalStress and the shutdown of www.digitalstress.su.
“We’re keeping an eye on you. Is it worth it?”
Distributed denial-of-service (DDoS) attacks, which aim to overwhelm websites and take them offline, are illegal in the UK under the Computer Misuse Act 1990.
DDoS attack-for-hire or “booter” services allow users to create an account and request a DDoS attack within minutes. Such attacks can cause significant damage to businesses and critical national infrastructure, and often deny people access to vital public services such as fire, police, and emergency services.
The administrators of digitalstress chose to place their service under the .su domain, a former Soviet Union domain that is used by many criminal services and is considered an obstacle to law enforcement agencies in carrying out effective investigations.
However, the NCA’s work has revealed that such domains are vulnerable and could be exploited to disrupt criminal activity and identify perpetrators.
User information will now be analysed by the NCA for law enforcement action, and data on overseas users will be passed on to international law enforcement agencies.
The Digital Stress operation follows an international operation led by the FBI with support from the NCA in December 2022 that targeted tools and services used to carry out serious cyber attacks, resulting in the shutdown of 48 of the world’s most popular “booter” sites.
Deputy Commissioner Paul Foster, head of the NCA’s National Cyber Crime Unit, said:
“Booter services are an attractive entry-level form of cybercrime and make it easy for individuals with little technical ability to commit cybercrime.
“Anyone who used these services while our mirror sites existed has now made their identities known to law enforcement agencies around the world.
“While traditional site takedowns and arrests remain an important element of the law enforcement response to this threat, we are at the forefront of developing innovative tools and techniques that can be used as part of a sustained programme of action to disrupt and degrade the activities of cybercriminal organisations and protect UK citizens.
“Our work continues to demonstrate that online criminals can enjoy no anonymity or impunity.”
Chief Inspector Paul Woods, of the Police Service of Northern Ireland, said:
“This is a great example of collaboration.
“We will continue to work tirelessly with our law enforcement partners, both locally and globally, to disrupt the activities of those who use cyber technology to cause harm.
“Today’s welcome announcement sends a clear message to all cyber criminals that they are not beyond identification and investigation, whatever their motivation or methods.”
The activity is part of Operation Power Off, an ongoing international coordinated response targeting criminal DDoS attack infrastructure around the world.
July 22, 2024