The UK’s National Crime Agency (NCA), working alongside the FBI, the Dutch Police, and European Union law enforcement agency Europol, has taken down 48 of the world’s most widely used booter sites suspected of being used by cyber criminals and other threat actors to conduct distributed denial of service (DDoS) attacks.
Operation PowerOFF also saw the NCA arrest an 18-year-old Devon man, who is suspected of being the administrator of one of the websites, and charges were also filed against six individuals in the US. The sites themselves have been replaced with a law enforcement splash explaining that they have been seized and can no longer be used.
Those trying to access them from within the UK will also receive targeted messaging informing them that DDoS attacks are illegal under the Computer Misuse Act of 1990, and directing them to the NCA’s Cyber Choices service.
The NCA said the sites comprised the largest DDoS-for-hire services on the market, with one of them having been used to conduct more than 30 million attacks over its lifespan. It has also seized customer data and pending analysis, will be taking action against site users in the UK in the near future.
Antony Jung, special agent in charge of the operation at the FBI’s field office in Anchorage, Alaska, said: “These DDoS-for-hire websites, with paying customers both inside and outside the US, facilitated network disruptions on a massive scale, targeting millions of victim computers around the world. Potential users and administrators should think twice before buying or selling these illegal services.
“The FBI and our international law enforcement partners continue to intensify efforts in combatting DDoS attacks, which will have serious consequences for offenders,” said Jung.
“This operation has taken out a significant proportion of the DDoS-for-hire marketplace, removing booter services which are a key enabler of this criminality,” said Frank Tutty of the NCA’s National Cyber Crime Unit.
“The perceived anonymity and ease of use afforded by booter services now means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease,” he said.
The NCA claims that around a quarter of the referrals received by its Cyber Prevent service, which tries to stop young people from being drawn into the cyber criminal underground, relate to booter sites.
Booter services such as those offered by the websites enable users to set up an online account and order up a DDoS attack in minutes, exactly as one might order a takeaway online. They offered a range of packages and membership options, starting from as little as $10 (£8) per month, to as much as $2,500 (£2,019) for a deluxe package.
Coming ahead of the Christmas holiday period, the seizure of the sites is likely to have a significant impact on threat actors’ ability to conduct DDoS attacks, which tend to spike at this time of year, with gaming services frequently on the receiving end of them.
The FBI said that many of the websites had claimed to be offering stress-testing services for legitimate networks, but that these claims were nothing more than a pretence, as demonstrated by the seizure of thousands of messages sent between admins and their customers which made it abundantly clear that the site users were not penetration testers.
The wider Operation PowerOff is an ongoing, coordinated response by law enforcement targeting criminal DDoS-for-hire infrastructure. Besides the website seizures, participating agencies are also running ad campaigns targeting people searching the web for such services.
Industry partners Akamai, Cloudflare, Digital Ocean, Entertainment Software Association, Google, Oracle, Palo Alto Networks Unit 42, PayPal, Unit 221B, the University of Cambridge and Yahoo also provided assistance and intelligence in the operation.