An advertising campaign warning that DoS attacks are illegal has proved successful in reducing cybercrime.
In a new study, researchers from the University of Cambridge and the University of Strathclyde looked at four different cybercrime prevention methods employed by law enforcement agencies in the US and UK.
The results showed that while high-profile arrests caused only a two-week reduction in the number of cyber-attacks taking place, targeted messaging campaigns and the takedown of infrastructure led to a sharper and longer-term reduction in cybercrime.
Sentencing was found to have no widespread effect on reducing crime, perhaps because attackers in one country weren’t affected by sentences meted out elsewhere.
The research, which was presented today at the ACM Internet Measurement Conference in Amsterdam, focused particularly on denial of service (DoS) attacks. These attacks generate a large amount of traffic that overwhelms end users or web services, taking them offline.
DoS attacks can be purchased easily from so-called "booter" service websites for just a few dollars. This cheap and accessible form of attack is popular within the gaming community as a way of wreaking revenge on another user.
"Law enforcement are concerned that DoS attacks purchased from a booter site might be like a ‘gateway drug’ to more serious cybercrime," said Ben Collier from Cambridge’s Department of Computer Science & Technology, the paper’s first author.
Collier and his colleagues from the Cambridge Cybercrime Centre used two datasets with granular data about the attacks from booter sites, and then modeled how the data correlated with different intervention tactics from the National Crime Agency (NCA) in the UK, the Federal Bureau of Investigation (FBI) in the US, and other international law enforcement agencies.
From late December 2017 to June 2018, the NCA targeted young gamers in the UK with Google adverts explaining that DoS attacks are illegal. The adverts would appear when a user searched for booter services.
"It’s surprising, but it seems to work, like a type of digital guardianship," said Collier. "At the exact moment you get curious about getting involved in cybercrime, you get a little tap on the shoulder.
"It might not work for people who are already involved in this type of cybercrime, but it appeared to dramatically decrease the numbers of new people getting involved."