NCA launches UK ad campaign to divert kids searching for cybercrime tools | ZDNet

by

DDoS-for-hire and Trojan-related searches are on the agency’s radar.

https://zdnet3.cbsistatic.com/hub/i/r/2019/09/13/c224c4f2-d4de-400a-bf50-53b1a004d0dd/thumbnail/570x322/c50d0db6feb112ad9145346723bd5a02/microsoft-patches-two-zerodays-in-massiv-5d7b5eb826d15a000100ea3c-1-sep-13-2019-13-48-04-poster.jpg

Two zero-days fixes among massive Microsoft's September Patch Tuesday
12:46:40
Watch Now

The UK's National Crime Agency (NCA) has launched a new advertising campaign designed to divert young people searching for cybercrime services to white hat alternatives. 

As spotted by cybersecurity expert Brian Krebs, using a UK IP address when searching Google for particular terms that can relate to cybercrime, such as Distributed Denial-of-service (DDoS) for hire, booters, stressers, or Remote Access Trojans (RATs), can result in ads paid for by the agency appearing. 

See also: Coronavirus: Business and technology in a pandemic

The NCA has opted for ads that warn web surfers using DDoS-for-hire services or RATs for criminal purposes are illegal -- but rather than simply discouraging viewers from activities that may land them in jail, the agency is also using the ad space to encourage them to consider ethical cybersecurity roles instead. 

For example, some advertisements link to the UK's Cybersecurity Challenge, which asks "fresh young talent" to participate in games, challenges, and workshops. 

Speaking to Krebs, NCA Senior Manager David Cox said the ads are targeted towards males aged between 13 and 22 years old, based on findings from a 2017 NCA report, "Pathways into cybercrime," that found "challenges, accomplishment, and proving oneself to peers," rather than financial gain, are key motivators when it comes to young men joining the cybercriminal community.

Cox called the scheme a "great success" which has resulted in over 5.3 million impressions and more than 57,000 clicks over the past 30 days. 

CNET: Clearview AI faces lawsuit over gathering people's images without consent

Additional sources of funding are being sought to expand the ad campaign, which will be running indefinitely. A successful, similar 2017 initiative formed the building blocks of the latest scheme.

The NCA's campaign is an interesting take on trying to divert interest in IT and energy into productive areas. Hopefully, this scheme will be more successful than posters released by local authorities earlier this year on behalf of the West Midlands Regional Organised Crime Unit (WMROCU) which urged parents to watch out for the existence of Virtual Machines (VMs), the Tor Browser, Kali Linux, WiFi Pineapple, Discord, and Metasploit on PCS as warning signs their children were up to no good. 

TechRepublic: Google, Microsoft most spoofed brands in latest phishing attacks

The NCA quickly distanced itself from the ill-advised materials, whereas Offensive Security, the developer of Kali Linux, responded with a light-hearted comment that the posters could be considered a "roadmap" to get children started in cybersecurity careers. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0