Cyber-crime: NCA take down global hub for ‘entry-level’ DDoS cyber-crime 

Watch more of our videos on ShotsTV.com 
and on Freeview 262 or Freely 565
Visit Shots! now
“We are watching you. Is it worth it?” 🚨
  • NCA takes down a criminal marketplace offering DDoS attacks. 
  • Officers covertly took over the website and created a mirror site. 
  • It comes after a suspected digitalstress.su controller was arrested. 

A British law enforcement agency has taken down a major hub for ‘entry-level’ cyber-crime. The National Crime Agency (NCA) infiltrated a significant Distributed Denial of Service (DDoS)-for-hire service which has been responsible for tens of thousands of attacks every week across the globe.

Hide Ad
Hide Ad

During the operation, the NCA took down digitalstress.su, a criminal marketplace offering DDoS capabilities, in cooperation with the Police Service of Northern Ireland. It comes after the PSNI arrested one of the site’s suspected controllers earlier this month.

The NCA took over the site and disabled its functionality, replacing the domain with a splash page, warning users that their data has been collected by law enforcement. Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “Our operations continue to demonstrate that criminals online can have no assurance of anonymity or impunity.” 

How did the NCA take it down?

The British law enforcement agency managed to take down digtalstress.su by creating a mirror site that users were directed to. The NCA also covertly and overtly accessed communication platforms being used to discuss launching DDoS attacks, telling and showing the users of these platforms that nowhere is safe for cyber criminals to talk about their criminal activity.

Hide Ad
Hide Ad

One message read: “On 2 July, a joint operation by the NCA, PSNI and FBI led to the arrest of a suspected controller of DigitalStress and we have now taken down www.digitalstress.su. We are watching you. Is it worth it?”

NCA takes down global cyber-crime marketplace. Photo: NCANCA takes down global cyber-crime marketplace. Photo: NCA
NCA takes down global cyber-crime marketplace. Photo: NCA | NCA

What is a DDOS attack?

Distributed Denial of Service (DDoS) attacks, which are designed to overwhelm websites and force them offline, are illegal in the UK under the Computer Misuse Act 1990. DDoS-for-hire or ‘booter’ services allow users to create accounts and order DDoS attacks within minutes. 

Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services such as fire, police or ambulance teams. The administrators of digitalstress chose to place the service under a .su domain. 

Hide Ad
Hide Ad
Message sent by NCA to digitalstress.su users. Photo: NCAMessage sent by NCA to digitalstress.su users. Photo: NCA
Message sent by NCA to digitalstress.su users. Photo: NCA | NCA

This is an old Soviet Union domain which many criminal services use in the belief that it presents a barrier for law enforcement agencies to carry out effective investigations. The NCA’s activity however has shown that such domains are vulnerable and can be exploited to stop criminal activity and identify those responsible.

User information will now be analysed by the NCA for law enforcement action, and data relating to overseas users will be passed to international law enforcement. The activity against digitalstress follows an FBI-led international operation in December 2022, supported by the NCA, targeting tools and services used to commit serious cyber attacks, which saw the takedown of 48 of the world’s most popular ‘booter’ sites.

Police expose ‘entry-level’ cyber crime

Deputy Director Foster added: “Booter services are an attractive entry-level cyber crime, allowing individuals with little technical ability to commit cyber offences with ease. Anyone using these services while our mirror site was in place has now made themselves known to law enforcement agencies around the world.

Hide Ad
Hide Ad

“Although traditional site takedowns and arrests are key elements of law enforcement’s response to this threat, we are at the forefront of developing innovative tools and techniques which can be used as part of a sustained programme of activity to disrupt and undermine cyber criminal services and protect people in the UK. Our operations continue to demonstrate that criminals online can have no assurance of anonymity or impunity. 

Detective Chief Inspector Paul Woods, of the Police Service of Northern Ireland, said: “This is an excellent example of collaborative working. We will continue to work tirelessly alongside our law enforcement partners to disrupt the activities of those who use cyber technology to cause damage, whether locally or globally.

“Today’s welcome announcement should send a clear message to all cyber criminals that, whatever your motive or means, you are not beyond identification and investigation.” This activity forms part of Operation Power Off, the ongoing coordinated international response targeting criminal DDoS-for-hire infrastructures worldwide.

Hide Ad
Hide Ad

If you would like to learn more about DDoS attacks, IBM has a great explainer on what exactly they are and how they work. You can watch the video, which is under four minutes, on IBM Technology’s YouTube channel here