UK Sets Up Fake DDoS-for-Hire Sites to Trap Hackers
Is it a real hacking site or a police sting operation? UK law enforcement has resorted to creating fake DDoS-for-hire websites in an effort to nab cybercriminals.
The UK’s National Crime Agency (NCA) today announced the operation as a warning to anyone looking to launch distributed denial-of-service attacks. Such attacks can send a flood of internet traffic to a destination, which can cripple access to a website or knock a user offline.
The agency is indicating it created several fake DDoS-for-fire websites. “All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the agency said in the announcement(Opens in a new window).
But in reality, the websites are designed to collect data on anyone who uses them. This information is then passed to the NCA or to international law enforcement agencies, if the user is based outside the country.
The NCA is resorting to this “honeypot” approach to essentially discourage low-level cybercriminals from engaging in DDoS attacks, which usually involve harnessing the power of a botnet or server farms to generate the flood of internet traffic.
“Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market,” said Alan Merrett, a senior NCA officer.
To back up the warning, the NCA says it recently decided to publicly reveal that one of the disguised DDoS-for-hire websites i s indeed a police operation. The agency did so by replacing the site “with a splash page
Read more on pcmag.com
