Security Experts:

Law Enforcement Cracks Down on DD4BC Group

Europol announced on Tuesday that a couple of individuals suspected of being tied to the DD4BC cybercriminal group have been identified as part of an international law enforcement operation.

DD4BC (DDoS “4” Bitcoin) has been launching DDoS attacks against organizations from around the world, demanding Bitcoin payments to stop their attacks. Since mid-2014, the group has targeted hundreds of online gambling, financial services, entertainment and other types of companies in North America, Europe, Asia and Australia.

In mid-December, law enforcement agencies from Austria, Germany, Bosnia and Herzegovina, and the United Kingdom, coordinated by Europol, launched Operation Pleiades in an effort to disrupt the DD4BC group. The operation was also supported by Interpol and police from Australia, Japan, Romania, France, Switzerland and the United States.

According to Europol, the Metropolitan Police Cyber Crime Unit in the UK identified key members of the cybercrime group in Bosnia and Herzegovina. One individual, suspected of being a key member of DD4BC, has been arrested, and another suspect was detained. Police searched multiple locations and seized evidence.

“Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage,” said Wil van Gemert, Europol’s Deputy Director of Operations. “Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”

A report released by Akamai in September 2015 on the activities of DD4BC revealed that the company had observed 141 attacks launched by the extortionists between September 2014 and August 2015. Experts pointed out at the time that the largest DDoS attack they had seen peaked at 56 Gbps, nowhere near the 400-500 Gbps the group threatened its victims with.

Recorded Future reported in December that DD4BC and another notorious DDoS blackmail group dubbed “Armada Collective” had inspired copycats.

Heimdal Security has monitored the activities of DD4BC and it hasn’t observed any escalation in DDoS attacks from this group over the past period.

“While our recent threat activity shows no escalation in DDoS attacks from the DD4BC group, knowing and dismantling cyber criminal infrastructure is key to law enforcement success,” Morten Kjaersgaard, CEO of Heimdal Security, told SecurityWeek. “DDoS attacks have been increasingly frequent in the past 6 months, so the Europol and police task forces across Europe are sending a strong signal that such attacks won't be left without consequences, especially since DD4BC is a primary driver for some of the more prominent attacks.”

Akamai said DD4BC activity decreased considerably in August 2015 from their perspective.

“The overall activity of DD4BC from our perspective dramatically decreased in August of 2015 and we were no longer validating DDoS campaigns against our customer base as of September the same year. Since then, we have been tracking several 'copycats' actors group which use similar tactics, where they threaten the victim with emails warning of an impending DDoS against their website unless a ransom is paid in bitcoins. Of the groups, 'Armada Collective' seems to be the one most active,” David Fernandez, manager of the Akamai SIRT and Editor in Chief of the State of the Internet Security Report, said via email.

*Updated with statement from Akamai

view counter