‘Key member’ of DD4BC arrested in international crackdown


International police say they are closing in on suspects believed to be behind cyber-crime rascals DD4BC. One ‘main target’ of the cyber-gang has been arrested with another kept in detention in a global campaign to take down the group.

Police working under Operation Pleiades, named for the seven sisters of Greek myth, busted in on the suspects earlier this week. According to Europol, this particular taskforce, initiated by Austria, was supported by law enforcement agencies from all over the world including Japan, France, Australia, Romania, Switzerland and the USA.

Alleged top members of DD4BC were identified by the UK's Metropolitan Police Cyber Crime Unit as living in Bosnia Herzegovina.

First emerging towards the end of 2014, DD4BC quickly locked itself into the world's cyber-rogue galleries by targeting organisations large and small, including banks, companies, online gambling groups and financial institutions, and attempting to extort large sums from them.

The pesky group pioneered a certain modus operandi: find a target, launch a DDoS attack against it and threaten to double down on those attacks, not relenting until the victim pays up.

The group demanded that payments be made in Bitcoin, a largely untraceable crypto-currency. This modus operandi was the basis for the DD4BC name, which stands for 'DDoS for Bitcoin'.

DD4BC was noted for being able to carry out these attacks on a considerable scale. It boasted that it could organise DDoS attacks as high as 500 Gbps, but the highest recorded examples of DD4BC's flood power ran to around 60 Gbps.

It is not easy to tell how much money DD4BC made. According to a Europol spokesperson, “The fact that many of these incidents are unreported by companies and individuals poses particular difficulties to provide estimations on the financial losses incurred by the targets of these campaigns.”

One particular ransom email, found by Heimdal Security, struck the calm, reasonable tone of Hans Gruber taking the staff of Nakatomi Plaza hostage in the classic Bruce Willis film, “Die Hard”.

The note read: “All your servers are going under attack unless you pay 40 Bitcoin. Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400-500 Gbps. Right now we are running small demonstrative attack on 1 of your IPs. Don't worry, it will not be hard, since we do not want to crash your server at this moment, and will stop in 60 minutes. It's just to prove that we are serious.”

At this point DD4BC would give the victim 24 hours to respond: “But if you ignore us, and don't pay within 24 hours, long term attack will start, price to stop will go to 100 BTC and will keep increasing for every hour of attack.” 

And it included this cocky warning about reporting the incident to the police: “If you think about reporting us to authorities, feel free to try. But it will not help. We are not amateurs. The best thing that can happen, they will go publicly about it. We will, again, get some free publicity. But for you, price will go up.”

Perhaps predictably, the industry has responded to these arrests with loud applause. Norman Shaw, CEO and founder of ExactTrak, said: “These arrests should make it clear to both hackers and society more generally that cyber-crime is a very real crime and will be prosecuted as such. Meanwhile, enterprises can take heart in the fact that law enforcement has both the skills and the will to fight this crime alongside them.”

A 2015 report by cyber-security company Verisign claimed that groups like DD4BC were not only pioneers of the DDoS extortion tactic but had also inspired other ill-intentioned miscreants to adopt a similar strategy in attempting to bleed cash from their victims. So will these arrests, significant though they are, have a ripple effect on cyber-crime in the wider world?

Brian Chappell, director of technical services at BeyondTrust, told SC: “Police actions such as this have the potential to make a difference, but I believe that it's going to take more instances before the perpetrators of DDoS extortion feel there is a real threat. The risk of being caught always hangs over such activity, but it's obviously considered a low risk.”

“That said, do we think the criminals will abandon crime altogether? I doubt it; they will probably refocus their efforts on other activities that are harder to trace. Direct intrusion and data theft are likely targets, but as long as we make sure we have the basics covered then we won't be easy targets in that arena either.”

A spokesperson from Europol admitted that this is not a killing blow to the extortion racket: “All the operations, arrests and house searches performed are new sources of information and they could entail new developments in the criminal cases investigated by the law enforcement agencies.”

This case is not “fully closed until all the information from the operation has been properly analysed”.

It will be some time before we can write, “RIP: DD4BC”.
