The National Crime Agency (NCA), working with the Police Service of Northern Ireland (PSNI), has infiltrated and taken down a DDoS-for-hire service as part of Operation Power Off. The service – digitalstress.su – is accused of causing tens of thousands of attacks every week.
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said, “Booter services are an attractive entry-level cyber crime, allowing individuals with little technical ability to commit cyber offences with ease. Anyone using these services while our mirror site was in place has now made themselves known to law enforcement agencies around the world.
“Although traditional site takedowns and arrests are key elements of law enforcement’s response to this threat, we are at the forefront of developing innovative tools and techniques which can be used as part of a sustained programme of activity to disrupt and undermine cyber criminal services and protect people in the UK.
“Our operations continue to demonstrate that criminals online can have no assurance of anonymity or impunity.”
How did the takedown happen?
The takedown came after the PSNI arrested a suspected site controller in early July. The intelligence gathered from that arrest was then used by the NCA to access the site. Once under the NCA’s control, its functionality was disabled.
A new splash page was created to warn criminals that the site had been taken over. It also warned users that law enforcement had collected their details through a mirror site. Control of the site also allowed the NCA to access communications platforms being used to discuss DDoS attacks.
The NCA then sent users messages such as:
“On 2 July, a joint operation by the NCA, PSNI and FBI led to the arrest of a suspected controller of DigitalStress and we have now taken down www.digitalstress.su.
“We are watching you. Is it worth it?”
Another intelligence-led operation
The NCA and PCNI say that this operation has its roots in an FBI-led international operation from December 2022. That action targeted tools and services used to commit cyberattacks. In that operation over 48 of the most popular booter sites were taken down. Since then, there have been several other international operations to take down and prosecute those running booter sites.
In May 2023, the FBI reported that another 13 internet domains offering booter services had been taken down. Those sites were attempts by cybercriminals to reincarnate sites that the FBI and its international partners, including the NCA, had previously taken down. The FBI reported that it was the third wave of action since the December 2022 operation.
This NCA and PCNI action continues law enforcement’s efforts to target these sites and disrupt cyber criminals’ activities.
Enterprise Times: What does it mean?
The announcement of a successful operation to disrupt and take down a DDoS-for-hire site is welcome. Even more welcome is that this is an ongoing action under the Operation Power Off banner.
It sends a message to cybercriminals that law enforcement is not interested in just taking down sites once and then moving on. It also shows that intelligence gathered in operations is shared internationally and will lead to further action at a later date. Both of these are important, given how quickly cybercriminals seem to rebuild their operations.