Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Law Enforcement Cracks Down on DD4BC Group

Europol announced on Tuesday that a couple of individuals suspected of being tied to the DD4BC cybercriminal group have been identified as part of an international law enforcement operation.

Europol announced on Tuesday that a couple of individuals suspected of being tied to the DD4BC cybercriminal group have been identified as part of an international law enforcement operation.

DD4BC (DDoS “4” Bitcoin) has been launching DDoS attacks against organizations from around the world, demanding Bitcoin payments to stop their attacks. Since mid-2014, the group has targeted hundreds of online gambling, financial services, entertainment and other types of companies in North America, Europe, Asia and Australia.

In mid-December, law enforcement agencies from Austria, Germany, Bosnia and Herzegovina, and the United Kingdom, coordinated by Europol, launched Operation Pleiades in an effort to disrupt the DD4BC group. The operation was also supported by Interpol and police from Australia, Japan, Romania, France, Switzerland and the United States.

According to Europol, the Metropolitan Police Cyber Crime Unit in the UK identified key members of the cybercrime group in Bosnia and Herzegovina. One individual, suspected of being a key member of DD4BC, has been arrested, and another suspect was detained. Police searched multiple locations and seized evidence.

“Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage,” said Wil van Gemert, Europol’s Deputy Director of Operations. “Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”

A report released by Akamai in September 2015 on the activities of DD4BC revealed that the company had observed 141 attacks launched by the extortionists between September 2014 and August 2015. Experts pointed out at the time that the largest DDoS attack they had seen peaked at 56 Gbps, nowhere near the 400-500 Gbps the group threatened its victims with.

Recorded Future reported in December that DD4BC and another notorious DDoS blackmail group dubbed “Armada Collective” had inspired copycats.

Heimdal Security has monitored the activities of DD4BC and it hasn’t observed any escalation in DDoS attacks from this group over the past period.

Advertisement. Scroll to continue reading.

“While our recent threat activity shows no escalation in DDoS attacks from the DD4BC group, knowing and dismantling cyber criminal infrastructure is key to law enforcement success,” Morten Kjaersgaard, CEO of Heimdal Security, told SecurityWeek. “DDoS attacks have been increasingly frequent in the past 6 months, so the Europol and police task forces across Europe are sending a strong signal that such attacks won’t be left without consequences, especially since DD4BC is a primary driver for some of the more prominent attacks.”

Akamai said DD4BC activity decreased considerably in August 2015 from their perspective.

“The overall activity of DD4BC from our perspective dramatically decreased in August of 2015 and we were no longer validating DDoS campaigns against our customer base as of September the same year. Since then, we have been tracking several ‘copycats’ actors group which use similar tactics, where they threaten the victim with emails warning of an impending DDoS against their website unless a ransom is paid in bitcoins. Of the groups, ‘Armada Collective’ seems to be the one most active,” David Fernandez, manager of the Akamai SIRT and Editor in Chief of the State of the Internet Security Report, said via email.

*Updated with statement from Akamai

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.


A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...