NCA infiltrates DDoS-for-hire site as suspected controller arrested in Northern Ireland

The United Kingdom’s National Crime Agency (NCA) announced on Monday having “infiltrated” a DDoS-for-hire service, confirming that an individual suspected of running it had been arrested earlier this month.

DigitalStress, described as “responsible for tens of thousands of attacks every week across the globe,” allowed internet users to launch distributed denial of service (DDoS) or “booster” attacks — an unsophisticated form of cyberattack that can take websites offline but not allow the attacker to steal any data.

“Such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services such as fire, police or ambulance teams,” warned the NCA.

A suspected controller of the site was arrested on July 2 in partnership with the Police Service of Northern Ireland (PSNI). The PSNI has not announced the individual’s name.

In partnership with the PSNI and FBI, the NCA said it has replaced the DigitalStress website with a mirror that users were redirected to, where law enforcement was able to collect their data.

The NCA said it “also covertly and overtly accessed communication platforms being used to discuss launching DDoS attacks, telling and showing the users of these platforms that nowhere is safe for cyber criminals to talk about their criminal activity.”

The administrators of the DigitalStress website placed the service under the .su domain, which the NCA said “is an old Soviet Union domain which many criminal services use in the belief that it presents a barrier for law enforcement agencies to carry out effective investigations.”

User information collected in the operation is now being analyzed by the NCA. Data relating to users who are based outside of the United Kingdom will be shared with international law enforcement partners for further arrests.

Paul Foster, the head of the NCA’s National Cyber Crime Unit, stated: “Booter services are an attractive entry-level cyber crime, allowing individuals with little technical ability to commit cyber offences with ease. Anyone using these services while our mirror site was in place has now made themselves known to law enforcement agencies around the world.”

Foster stressed that while “traditional site takedowns and arrests are key elements of law enforcement’s response to this threat, we are at the forefront of developing innovative tools and techniques which can be used as part of a sustained programme of activity to disrupt and undermine cyber criminal services and protect people in the UK.”

It follows the NCA last year revealing that it had set up a number of fake DDoS-for-hire sites to infiltrate the online criminal underground.

The year before, the NCA helped take down 48 of the world’s most popular booster sites and arrested an 18-year-old man in Devon in the United Kingdom on suspicion of administering one of the sites.

The U.S. Department of Justice said at the time that six defendants in the U.S. had been charged with overseeing some of these services, which included Booter.sx, Astrostress.com and SecurityTeam.io.