Honeypot Sting Exposes British Cyber Criminals

Uploaded on 2023-04-01 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Thousands of suspected cyber criminals have been exposed their identities after falling for a honeypot sting run by Britain's National Crime Agency (NCA). This activity forms part of Operation Power Off, the coordinated international response targeting criminal DDoS-for-hire infrastructures worldwide.

The operation was part of a global law enforcement operation to clamp down on cyber criminals using Distributed Denial of Service (DDoS) tactics to target online businesses and users. The operation saw several fake websites created purporting to offer services to cyber criminals.

The NCA said it created several fake DDoS-for-fire websites. “All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the agency said in a statement.  

DDoS-for-hire services are online platforms offering to generate massive garbage HTTP requests towards a website or online service in exchange for money that overwhelm the webserver and take it offline.

During the operation, the NCA said that “several thousand” people accessed the websites and provided details in order to access criminal services. Investigators revealed that details given by prospective customers have been collated and will be used to target criminals. “All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the NCA said.  

DDoS-for-hire services enable users to set up accounts and coordinate DDoS attacks “in a matter of minutes”, according to the NCA.  Such attacks have been highly effective in hacking businesses, critical national infrastructure, and public services.

Collectively, the sites taken down in this operation were used to carry out more than 30 million attacks in recent years. 

Alan Merrett from the NCA’s National Cyber Crime Unit commented “The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with eased... Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.” 

The NCA explained that while takedowns and arrests are still a key component of the fight against the threat, their latest tactics extend the impact of their operations to undermine trust in criminal markets and stop DDoS attacks at their source.

The move by the NCA follows a recent crackdown on DDoS-for-hire services globally. In December last year, 48 of the world’s most popular sites were taken offline in a coordinated sting involving the FBI, NCA, and Europol.

NCA:    ITPro:      PCMag:     Bleeping Computer:     Insurance Tines:     

You Might Also Read: 

Conflict Drives A Significant Increase In DDoS Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« New Webinar: Next-generation Firewalls
Universities Are Exposing Their Students To Cyber Threats »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

Desec Security

Desec Security

Desec's training platform allows professionals around of the world to acquire knowledge and practical experience in Information Security.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

Zorus

Zorus

Zorus provides best-in-class cybersecurity products to MSP partners to help them grow their business and protect their clients.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

Cloudsmith

Cloudsmith

Cloudsmith is the only cloud-native, global, universal artifact management platform for securely developing and distributing software.