Crime agency turns to Google ads to deter teen DDoS hackers

Britain’s National Crime Agency (NCA) has hit on what looks like a simple way to stop impressionable teens from being sucked into cybercrime – advertise the terrible legal consequences using Google Ads.
Spotted earlier in the month by security blogger Brian Krebs, during May anyone searching for Distributed Denial of Service (DDoS) ‘stresser’ and ‘booter’ would have found it hard to miss the ads, one of which apparently ran the following blunt warning at the top of search results:

Gaming and cyber crime – Booting is illegal.

Booters are illegal DDoS-for-hire services used to overload websites with huge amounts of traffic, with gaming servers a favourite target (stressers are synonymous with much the same nefarious idea although in theory they also have legitimate uses such as helping sysadmins model the traffic capacity of their websites).
We couldn’t track down this ad, but the gist of the message would have been similar to the NCA’s official page, which pushes the message that in the UK (and the US) DDoS attacks are definitely a bad idea if you don’t want a visit from the police in the early hours of the morning.
It sounds too good to be true – can a simple ad deter teen would-be hackers that easily? In fact, the evidence of similar campaigns run by the NCA in the past is that it has some effect.
According to data gathered by the University of Cambridge Cybercrime Centre, a 2017 NCA campaign reduced the growth in demand for these services over the six-month period it was running. No, it didn’t stop them but their popularity stopped rising.

Now for the punchline

As Krebs himself notes, as useful a deterrent as the NCA’s Google ads might have been, they’re competing with – wait for it – rival campaigns run on the same Google AdWords system offering the very booter and stresser services the NCA is trying to stop.
Why doesn’t Google stop taking money to advertise these services? Because, as noted above, it’s remotely possible some of these services are legitimate stress testers and proving they’re up to no good is not always straightforward.
Google says it takes down criminal ads when they are detected using a mix of automated systems and human intervention, which has worked well in the recent past to block the scammy tech support ads that once filled up search results.
Not everyone buys that defence, although it’s clear that how impressionable teens find cybercrime services in the first place using search engines, including Googles, is not a side issue. Arguably, then, as long as these ads enjoy prominent placings, spending taxpayers’ money countering such ads with rival advertising is the definition of a pointless task.
An alternative view is that ad campaigns such as these are about something bigger than deterring the small teen user base for DDoS services.
All cybercriminals start somewhere after all, and one of the easiest ways to cross the line into illegality is to order an automated DDoS attack. Stop even a handful of those people from crossing to the dark side and you’re probably also stopping a lot of criminal acts down the line.
The UK has had a particular problem with teens who not only use these services but create and run them too, such as the 16 year old who pleaded guilty in 2016 to launching nearly 600 such attacks.
The year before that, six teens were arrested for having used the infamous LizardStresser DDoS tool.
While there’s no evidence that teens make up a huge proportion of cybercriminals, once lost to cybercrime they will be around causing trouble for a lot longer.

Latest Naked Security podcast