Earlier this year, Operation Pleiades, an international law enforcement effort, took down at least one main target in the cybercriminal group DD4BC (Distributed-Denial-of-Service for Bitcoin).
A January Europol press release celebrated the “arrest of a main target and one or more suspect detained”. Property searches at multiple locations also led to the seizure of “an extensive amount of equipment”.
The actions were the result of a joint collaboration between Europol and law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom.
Crucial members of the organised crime network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit (MPCCU). Police authorities from Australia, France, Japan, Romania, the US, Switzerland and INTERPOL helped to support the synchronized activities.
The operational activity, instigated by Austria, was reinforced by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). Operational meetings were held in The Hague to confer and design coordinated law enforcement actions against DD4BC. On the action days, Europol positioned a mobile office in the field, providing direct access to Europol’s forensic tools and its databases to the law enforcement agencies involved for cross-checking, analysing and exchanging intelligence in real time.
The DD4BC group was responsible for several notorious Bitcoin extortion campaigns involving DDoS attack strategies, starting in mid-2014. The group mainly targeted the online gaming industry; in recent times, however, it had broadened its focus to the financial services and entertainment sectors, in addition to several high-profile companies. Businesses that paid a ransom were shown to be more at risk of further targeted actions.
The group would essentially threaten targets with massive DDoS attack campaigns unless they paid a ransom in Bitcoins. The attacks threatened the companies’ reputations by causing service interruptions and bringing visibility to their security operations, in addition to potentially costing impacted customers significant sums of money owing to both downtime and the need for enhanced DDoS mitigation services.
According to an Akamai profile of the group, each DD4BC campaign initially started with an email that told the victim about a low-level DDoS attack already underway against its website. The email then went on to demand a ransom paid in Bitcoins in return for DD4BC not launching a larger DDoS attack against the target.
Wil van Gemert, Europol’s Deputy Director Operations, said, “Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage. Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”