NCA cracks digitalstress DDoS-for-hire operation
The UK authorities have taken down a major component of the multinational DDoS cyber attack-for-hire ecosystem, hacking into the digitalstress.su service and exfiltrating data on its users, who now face arrest
The UK’s National Crime Agency (NCA) has infiltrated and disrupted digitalstress.su, an underground criminal marketplace that hired infrastructure out to conduct distributed denial of service (DDoS) attacks and is thought to have been responsible for tens of thousands of cyber attacks around the world.
Working alongside the Police Service of Northern Ireland (PSNI), which arrested one of the site’s suspected controllers earlier in July 2024, the NCA said it had been able to fully take over the website and disable its functionality.
Digitalstress.su was registered on the USSR web domain – which was largely superseded by .ru after the dissolution of the Soviet Union but is still operable and administered from Russia.
Many cyber criminal operations continue to use it under the impression it provides cover from law enforcement, which is not the case.
It now redirects to a mirror website containing a splash page warning users their data has been collected by law enforcement.
The NCA said its activity – which forms part of an ongoing global campaign called Operation PowerOff – had shown such domains are vulnerable, and can be easily exploited to stop criminal activity and identify those behind it.
It said it had already covertly and overtly accessed a number of communications platforms being used to discuss launching DDoS attacks, adding that it has collected data on users that it will be using in law enforcement actions in the future, while information on those located outside the UK has been passed to the relevant authorities.
Entry-level cyber crime
Deputy director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “Booter services are an attractive entry-level cyber crime, allowing individuals with little technical ability to commit cyber offences with ease.
“Anyone using these services while our mirror site was in place has now made themselves known to law enforcement agencies around the world,” he said.
“Although traditional site takedowns and arrests are key elements of law enforcement’s response to this threat, we are at the forefront of developing innovative tools and techniques which can be used as part of a sustained programme of activity to disrupt and undermine cyber criminal services and protect people in the UK,” added Foster.
“Our operations continue to demonstrate that criminals online can have no assurance of anonymity or impunity,” he said.
PSNI detective chief inspector Paul Woods added: “This is an excellent example of collaborative working.
“We will continue to work tirelessly alongside our law enforcement partners to disrupt the activities of those who use cyber technology to cause damage, whether locally or globally,” he said.
“Today’s welcome announcement should send a clear message to all cyber criminals that whatever your motive or means, you are not beyond identification and investigation.”
Read more about DDoS attacks
- Threat actors use DDoS attacks to flood a target network with traffic, making it difficult for defenders to detect and contain the threat.
- DoS and DDoS attacks may not be new, but that doesn't mean they are any less disruptive to organisations. Companies should understand what they are and how they work.
- This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future.
DDoS-for-hire – also known as booter – services enable users to order up attacks against target websites and infrastructure at the drop of a hat. In such attacks, the targeted infrastructure is bombarded by junk internet traffic until it’s overwhelmed and the service is disrupted.
DDoS attacks are relatively simple forms of cyber attack designed to cause noise and disruption, and as such are favoured by less experienced hackers, trolls and hacktivists, although some financially motivated cyber criminals have been known to tie them to extortion attempts, demanding money not to attack a service.
In general, such attacks are not considered very difficult to deal with and rarely cause significant, lasting damage. However, given their potential to cause harm to businesses, public services and critical national infrastructure, they are illegal under the Computer Misuse Act (CMA) of 1990.
