Honeypot Sting Exposes British Cyber Criminals

Thousands of suspected cyber criminals have been exposed their identities after falling for a honeypot sting run by Britain's National Crime Agency (NCA). This activity forms part of Operation Power Off, the coordinated international response targeting criminal DDoS-for-hire infrastructures worldwide.

The operation was part of a global law enforcement operation to clamp down on cyber criminals using Distributed Denial of Service (DDoS) tactics to target online businesses and users. The operation saw several fake websites created purporting to offer services to cyber criminals.

The NCA said it created several fake DDoS-for-fire websites. “All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the agency said in a statement.  

DDoS-for-hire services are online platforms offering to generate massive garbage HTTP requests towards a website or online service in exchange for money that overwhelm the webserver and take it offline.

During the operation, the NCA said that “several thousand” people accessed the websites and provided details in order to access criminal services. Investigators revealed that details given by prospective customers have been collated and will be used to target criminals. “All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the NCA said.  

DDoS-for-hire services enable users to set up accounts and coordinate DDoS attacks “in a matter of minutes”, according to the NCA.  Such attacks have been highly effective in hacking businesses, critical national infrastructure, and public services.

Collectively, the sites taken down in this operation were used to carry out more than 30 million attacks in recent years. 

Alan Merrett from the NCA’s National Cyber Crime Unit commented “The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with eased... Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.” 

The NCA explained that while takedowns and arrests are still a key component of the fight against the threat, their latest tactics extend the impact of their operations to undermine trust in criminal markets and stop DDoS attacks at their source.

The move by the NCA follows a recent crackdown on DDoS-for-hire services globally. In December last year, 48 of the world’s most popular sites were taken offline in a coordinated sting involving the FBI, NCA, and Europol.

NCA:    ITPro:      PCMag:     Bleeping Computer:     Insurance Tines:     

You Might Also Read: 

Conflict Drives A Significant Increase In DDoS Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« New Webinar: Next-generation Firewalls
Universities Are Exposing Their Students To Cyber Threats »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

softScheck

softScheck

softScheck is an IT security consultancy. Services range from pentesting and compliance testing to security auditing of software and IT infrastructure.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

Rhebo

Rhebo

Rhebo Industrial Protector monitors and ensures the continuous, correct, and predictable operation of real-time Industrial Control Systems to prevent outages and reduce downtimes.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Quantropi

Quantropi

Quantropi is bound to be the standard for quantum-secure data communications – forever unbreakable, no matter what.

Strike Security

Strike Security

Strike Security offers a continuous penetration testing platform that combines automation with ethical hackers.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.

Altospam

Altospam

Altospam is a full service corporate email protection, integrating multiple security levels for your emails.