UK crime fighters wrangle “several thousand” potential cyber criminals in DDoS-for-hire honeypot

National Crime Agency (NCA) logo on a plaque attached to its headquarters
(Image credit: Shutterstock)

Thousands of suspected cyber criminals have exposed their identities after falling for a honeypot sting run by UK law enforcement.

The UK's National Crime Agency (NCA) created a fake DDoS-for-hire website that saw scores of users hand over information that will now be used to investigate them.

The operation saw several fake websites created purporting to offer cyber criminal services. The sting was part of a global law enforcement operation to clamp down on cyber criminals using DDoS tactics to target online businesses and users.

During the operation, the NCA said that “several thousand” people accessed the websites and provided details in order to access criminal services.

Investigators revealed that details given by prospective customers have been collated and will be used to target criminals.

“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks,” the NCA said in a statement.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.

The NCA’s site domain was replaced with a splash page warning users that their data has been collected. The agency said that UK-based users will be contacted and “warned about engaging in cyber crime”.

The move by the NCA follows a recent crackdown on DDoS-for-hire services globally. In December last year, 48 of the world’s most popular booter sites were taken offline in a coordinated sting involving the FBI, NCA, and Europol.

Collectively, the sites taken down in this operation were used to carry out more than 30 million attacks in recent years.

DDoS as entry-level cyber crime

DDoS-for-hire services – also known as ‘booter services’ - enable users to set up accounts and coordinate DDoS attacks “in a matter of minutes”, according to the NCA.

In the past, these attacks have proven highly effective against businesses, critical national infrastructure, and public services.

DDoS attacks have been a frequent attack method leveraged by Russian state-linked hacker groups targeting Ukrainian public services since the onset of the conflict in February last year.


The IT manager's guide to getting home in time for dinner

A cloud based networking solution that does away with configurations


Alan Merrett from the NCA’s National Cyber Crime Unit described booter services as a “key enabler” of cyber crime, adding that they provide criminals with easily accessible tools to wreak havoc.

“The perceived anonymity and ease of use afforded by these services means that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease,” he said.

“Traditional site takedowns and arrests are key components of law enforcement’s response to this threat. However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.”

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.