An international operation targeting tools and services used to commit serious cyber attacks has seen the takedown of 48 of the world’s most popular ‘booter’ sites.

The sites – which enabled cyber criminals to execute Distributed Denial of Service (DDoS) attacks designed to overwhelm websites and force them offline - were taken down yesterday by the FBI, following close collaboration with the National Crime Agency, Netherlands Police and Europol, under Operation PowerOFF.

Web domains of the so called ‘booter’ services were replaced with a law enforcement splash page explaining that they had been seized and were no longer available for use.

Around the same time, National Crime Agency officers arrested an 18-year-old man in Devon, who is suspected of being an administrator of one of the sites.

Charges were also filed against a further six alleged site admins in the US.

DDoS attacks are illegal in the UK under the Computer Misuse Act 1990.

Booter services allow users to set up accounts and order DDoS attacks in a matter of minutes. Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services.

They offer a range of packages and membership options, with prices ranging from $10 to $2500 per month.

Their ease of access means these tools and services have made it easier for people with low level cyber skills to commit offences. Around a quarter of referrals received by the NCA’s Cyber Prevent Team involve individuals using booter services.

The sites seized yesterday were the biggest DDoS-for-hire services on the market, with one having been used to carry out over 30 million attacks.

Customer data from all of the sites has been pulled and is being analysed by law enforcement. Admins and users based in the UK will be visited by the National Crime Agency or police in the coming months.

Operation PowerOFF is the ongoing, coordinated response by international law enforcement targeting criminal DDoS-for-hire infrastructures worldwide.

As well as the website seizures, the NCA, FBI Anchorage Field Office and Netherlands Police are running advertising campaigns targeting people looking for cyber crime services on search engines.

Individuals searching for these services in the UK are met with targeted messaging telling them that DDOS is a crime under the Computer Misuse Act 1990, and directing them to the Cyber Choices webpage.

Cyber Choices is the national programme, co-ordinated by the NCA, which helps those on the fringes of committing cyber crime understand the law and encourages them to use their skills legally.

Frank Tutty from the NCA’s National Cyber Crime Unit said:

“This operation has taken out a significant proportion of the DDoS-for-hire marketplace, removing booter services which are a key enabler of this criminality.

“The perceived anonymity and ease of use afforded by booter services now means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.

“The NCA’s Cyber Prevent Team works to identify such individuals who are on the cusp of cyber criminality before they commit more serious offences.

“Users of these sites based in the UK have been identified and can expect a visit from the NCA or police in the coming months.”

15 December 2022