Police have arrested one person and detained another in a co-ordinated international operation aimed at the cyber criminal gang calling itself DD4BC (DDoS for bitcoin).
Since July 2014, the gang has been using distributed denial of service (DDoS) attacks – or at least the threat of DDoS attacks – to extort money from a range of organisations.
In the December 2015 operation, police forces from the UK, Bosnia and Herzegovina, Austria and Germany joined forces with Europol.
Key members of DD4BC were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit (MPCCU).
Police authorities from Australia, France, Japan, Romania, the US, Switzerland and Interpol supported the co-ordinated activities.
Operation Pleiades included searches of various properties. Europol said an extensive amount of evidence was seized.
The operation, initiated by Austria, was supported by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT).
Operational meetings were organised in The Hague to discuss and plan co-ordinated law enforcement actions against DD4BC.
During the operation, Europol deployed a mobile office, allowing direct access to Europol’s forensic tools and its databases for cross-checking, analysing and exchanging intelligence in real time.
Europol said DDoS attacks remain a considerable threat in the European Union (EU) and beyond, and this type of extortion has become a well-established criminal enterprise affecting thousands of victims globally.
Europol believes the number of unreported incidents is high, noting that the absence of reporting by private companies and individuals hampers law enforcement’s efforts to prosecute threats.
DD4BC initially targeted the online gambling industry, but broadened its activities to include the financial services, oil and gas, entertainment and technology sectors.
In May 2015, Swiss computer emergency response team, GovCert, said several high-profile organisations in Switzerland had been targeted by DD4BC, while Cert-UK confirmed it was monitoring DD4BC’s activities and had issued an advisory through the government’s Cyber Security Information Sharing Partnership (CISP).
Advice for businesses
Europol warned that businesses that pay the ransom to the blackmailers risk appearing vulnerable and are often targeted again for a higher amount.
“This is a very low-cost, low-risk way to make money, but organisations should consider very carefully before paying what the attackers demand,” Margee Abrams, Neustar product marketing director, told Computer Weekly in September 2015.
“These attacks will continue as long as they are successful, but by investing in mitigation capabilities, organisations can protect themselves as well as drive up the cost for attackers,” she said.
Wil van Gemert, Europol’s deputy director of operations, said law enforcement and its partners have to act to ensure that the cyber space is secure against threats from malicious groups.
“These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage,” he said.
“Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks.”
Van Gemert said police actions, such as Operation Pleiades, highlight the importance of reporting incidents and information-sharing between law enforcement agencies and the targets of DDoS and extortion attacks.
Online extortion is likely to increase in 2016 as cyber criminals devise new ways to personalise attacks, according to Trend Micro’s annual security predictions report.
Online extortion will be accelerated through the use of psychological analysis and social engineering of prospective victims, said the report, The Fine Line: 2016 Security Predictions.