Key members of a suspected cyber criminal gang specialising in distributed denial of service (DDoS) extortion have been arrested following a joint operation by police forces across Europe.
Law enforcement agencies from the UK, Austria, Bosnia and Herzegovina, and Germany were all involved in the operation, dubbed Operation Pleiades, against cyber-crime group DD4BC (Distributed Denial of Service for Bitcoin).
DD4BC has been responsible for a number of bitcoin extortion campaigns since the middle of 2014. It has mostly targeted the online gambling industry, but the group has also broadened its activity to target financial services, the entertainment sector and other high-profile industries.
Key members of the gang were identified in Bosnia by the UK Metropolitan Police Cyber Crime Unit (MPCCU), which shared information with other police forces across the world, including Australia, France, Japan, Romania and the US. The operation was also supported by Interpol.
“Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups,” said Wil van Gemert, Europol’s deputy director of operations. He warned that companies that don’t report DDoS attacks, especially where demands are involved, are putting others at risk of similar cyber crime activity.
“These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage. Without enhanced reporting mechanisms, law enforcement is missing vital means to protect companies and users from recurring cyber-attacks,” he said.
“Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks,” van Gemert added.
Authorities often cite how collaboration is key when it comes to dealing with cyber crime. Paul Gillen, head of operations for Europol’s European Cyber Crime Centre, has argued that it’s essential for private and public organisations to work together to fight the threat.
“This is the way to go, this is what we’re going to have to do from now on. We’re going to have to perfect this model and perfect it to maintain operational secrecy,” he said.
Paul Nicholson, director of product marketing at cyber security specialist A10 Networks, welcomed the arrest but warned that it won’t stop cyber criminals from trying to extort ransoms.
“This isn’t the last we’ve heard of DDoS attacks for the purpose of ransom. Distributed denial of service attacks are easier to pull off than ever, which is why we are seeing them increasingly used as a means of gaining leverage over businesses that are highly reliant on the Internet,” he said.
“For organisations such as banks, financial institutions and even gambling websites, network downtime is equated with an immediate loss of revenue, which can lead them to give in to demands. Fortifying defences must be these organisations’ top priority,” Nicholson added.