Bitcoin Extortion Group DD4BC Now Targeting Financial Services

An anonymous reader writes: Akamai is detailing the activities of DD4BC, a cyber-extortionist group that has launched distributed denial-of-service (DDoS) attacks against numerous organizations and demanded Bitcoin payments to stop the attacks. The group is sending ransom emails requiring payments of 25 to 100 Bitcoin, which is about $6,000 — $24,000 (€5,350 — €21,400). Social media shaming is also part of the deal, threatening to expose the DDOS on Twitter if payment is not made.

Do not negotiate with criminals

[TheDarkMaster]

Simply find them and kill them with extreme brutality.

Re:

[Anonymous Coward]

Thanks for the advice, isis.

Re:

[circletimessquare]

if justice is more brutal than the crime, then it is not justice

all punishments for all crimes must be less sever than the crime in question

or society itself generates brutality and crime

chopping off hands for theft in sharia law, caning for vandalism in singapore, or locking a guy up for years for smoking pot in the USA: none are not justice

and you, and people who think like you, asking for death for petty extortion, you are worse criminals than the crime you hate

Re:

[circletimessquare]

yes, absolutely

because if the punishment is worse than the crime than society itself is the source of crime

in general, we take cues from our culture and our society about how to treat each other. brutality is answered with brutality. a society with brutal punishments is a miserable place where people treat each other excessively harshly for stupid shit: that becomes the norm. should it be?

the idea of justice is not punitive revenge. that creates a violent feedback loop. you want to dampen that feedback, not

Re:

[circletimessquare]

why is wrath one of the seven deadly sins?

https://en.wikipedia.org/wiki/... [wikipedia.org]

i'm not asking if you're catholic, i'm asking you why wrath is classified as such a terrible thing

think about yourself. easy petty cruel judgment is not a good thing. it is in fact one of the most destructive things, on a societal level and a personal level. for instance you've just given me insight about how you treat yourself if you do something minor and wrong by accident, how you treat yourself. i pity you, i wouldn't want to be

Re:

[circletimessquare]

so don't read my comments. this isn't a fucking doctoral dissertation, it's a comment board. adjust your expectations

to me it's a sign of a brittle mind, to be so bothered by punctuation. it is of benefit to me and everyone else therefore to weed people like you out of the discussion

I am perfectly capable of standard punctuation. But nowadays I do all lowercase on purpose. Exactly because of comments like yours.

good riddance

Re:

[Lotharus]

You're not fucking ee cummings.

Are you certain? Some people are really into dead poets...

Re:

[tehcyder]

Yea....I'm sure you will say that if some scumbag break into your home one night and brutally robs and beats you up to within an inch of your life, trashes your home, kills or injures loved ones that may be there with you at the time.... You will want his freakin' head on a platter and so would I.

That is why we have a legal system. Otherwise, even minor arguments will end up in murder.

Re:

[david_thornley]

Crime tends to be destructive. If a criminal kills me, and spends the rest of his life in prison, then his consequences are less dire than mine, but it's a whole lot worse for the criminal than refraining from killing me would have been. It's hard to see how that murder would be a positive expectancy for anybody (particularly not me).

The punishment has to be worse than the crime from the criminal's point of view. It doesn't have to be from any other point of view.

Re:

[Anonymous Coward]

Nonsense. Ensuring that crime is more profitable than the punishment is some type of misconfigured claptrap you dreamed up. Even my liberal diehards don't spout this type of tripe. Of course if you think the FBI and Interpol don't have a pretty good idea who DD4BC is, you are even more naïve than your whining indicates.
They will be punished when the time comes, meanwhile they are fulfilling a much broader purpose, which is mostly keeping the serfs singing songs,

Re:

[circletimessquare]

if the punishment is worse than the crime than society itself is the source of crime

sadism is not justice

in general, we take cues from our culture and our society about how to treat each other. brutality is answered with brutality. a society with brutal punishments is a miserable place where people treat each other excessively harshly for stupid shit: that becomes the norm. should it be?

the idea of justice is not punitive revenge. that creates a violent feedback loop. you want to dampen that feedback, not a

Re:

[Archangel Michael]

There is a difference between extreme justice and sadism.

Part of the lure of many crimes is that of a risk/reward analysis that says, "no big deal, if I get caught I'll only do _________"

A state that enjoys punishing criminals is criminal. A state that reluctantly executes a harsh judgement isn't sadistic. In fact, I would dare say, that if too lenient, letting criminals run free, is itself equal to those that are too extreme in punishment.

When criminals perpetrate violent crime after violent crime, in a ca

Re:

[circletimessquare]

likewise, i said the punishment must be less harsh than the crime. i didn't say criminals should get off relatively easily. i won't misunderstand your comment if you don't misunderstand mine

Re:

[murkwood7]

likewise, i said the punishment must be less harsh than the crime. i didn't say criminals should get off relatively easily.

Yes, you did.

Re:

[murkwood7]

intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

As you advocate committing crimes, I can see where you're coming from....

The laws concerning marijuana in much of the US are still morally reprehensible, encouraging people to break those laws is worse than the crime(s) of breaking those laws.

The "society" where laws are ignored will end up being, arguably, just as bad if not worse than the brutal society where people are punished "too harshly" for breaking laws.

Re:

[TheDarkMaster]

Keep in mind that I have to live in a country where criminal behavior is the default (yep, a shitty place) and people like me are called suckers for insisting on respect the laws. Here they have no shame of committing crimes, that's why the need for harsh punishments.

Re:

[circletimessquare]

i don't know where you live, but you're not contradicting my point

criminals should receive punishments less harsh than their crimes. they shouldn't get off with light punishment. they shouldn't get off with no punishment

Re:

[TheDarkMaster]

Giving you some context. The punishment must be greater than the crime, otherwise criminals will find it worth committing the crime. But that does not mean of course that the punishment should not be proportional to the size of the crime. But when your criminals are barbaric animals like here, only extreme punishments work, they just do not understand nothing less than heavy beatings or death.

Re:

[circletimessquare]

how do you feel after watching this:

https://www.youtube.com/watch?... [youtube.com]

you don't perform justice when you become the same as the criminal

in many cases, it's what they want. validation for their own acts that you commit them as well. even if it's not what they want, you've validated them anyways

getting knifed for stepping on someone's shoe. execution on the street for taking a purse. keying a car because you don't like how someone parked: this is all "justice" worse than the crime. with your words you are basi

Re:

[TheDarkMaster]

Well well... Is very, very easy to say what you say in the security of a proper civilized city my friend... Try to live in an uncivilized city like São Paulo or Rio de Janeiro for a few years to see how your "rosy" view of the world will change quickly... As we say here to idiots like you, "Se acha que eles são coitadinhos então leve eles para a sua casa".

Re:

[circletimessquare]

why does a thief steal? they see it as justice for how badly they have been treated. why does a rapist rape? they think women treat them badly and they deserve it

they see it as justice

isn't that interesting? sound familiar?

"justice" taken too far is pretty much exactly the same as crime. you have a right to hit someone with your car who is pointing a gun at you. that's justice. you don't have a right to hit someone with your car who insulted your mother. that's crime. but in the eyes of the idiot behind the

Re:

[TheDarkMaster]

As i already said before... If you think they deserve your compassion, then take them to your home.

Re:

[circletimessquare]

i said the punishment must be less harsh than the crime. i didn't say criminals should get off easily. i didn't say they should get off free

are you retarded? you can't understand the simple meaning, what i actually said, and have to substitute another meaning that no one said?

Re:

[TheDarkMaster]

Uhh... Sorry, the retarded here is you and only you. Otherwise you would have understood from the beginning what kind of crimes I consider that must be heavily punished, or in your way of black-and-white thinking you even thought I'd be advocating death penalty for minor things like traffic violations and similar infractions?

Re:

[circletimessquare]

no crime, not a single one, should be punished more heavily than the crime itself

which is what i said

which you do not understand

if you want to have conversations with imaginary positions that only exist in your head, you don't need the internet for that

Re:

[Stan92057]

or locking a guy up for years for smoking pot in the USA

citation please

Re:

[circletimessquare]

you don't need to cite commonly known facts of a topic. if you are unaware of how common extreme punishment for minor drug crimes is, you're only announcing how out of touch you are on the subject

google "years in jail marijuana possession"

http://www.huffingtonpost.com/... [huffingtonpost.com]

http://www.salon.com/2012/10/2... [salon.com]

http://www.forbes.com/sites/ja... [forbes.com]

http://www.rense.com/general61... [rense.com]

https://www.aclu.org/marijuana... [aclu.org]

american drug laws are stupid, pointless, and insane, and have achieved zero effect. it's easy as ever to ge

Re:

[hackwrench]

What makes you think that criminal tendencies can't be cured. Of course it would have helped determine one way or the other if they actually tried.

Re:

[TheDarkMaster]

In your country? Maybe. In my country? Many criminals here are nothing but stupid animals, incapable of live in a community.

if I was head of Blankety Bank...

[swschrad]

and the weasels started DDOSsing me, I'd say, go ahead and put it on Twitter. we can then go to Federal court and find out who owns the account, and send a bill collector over. one of those effective bill collectors from a Jersey "social club." one of those guys who knows how to work concrete.

Re:

[Chrisq]

in exposure about being attacked by a bunch of dipshits?

I expect the threat is that if it succeeds they can say "we can bring down the Acme Bank online banking site whenever we want", probably with false implications that customers money is not safe, etc. Certainly the best option is to defend and say "do your worst". There are some sites that are almost continually under attack [jihadwatch.org] by enemies of freedom of speech, and they manage to keep going.

This is news for nerds?

[msauve]

So, extortion, but with Bitcoin. meh.

Re:

[Godwin O'Hitler]

Nerd check:

[x] DDOS
[x] Bitcoin
[x] Twitter

Bingo!

The best strategy is to ignore them

[timholman]

Publishing this story is doing no favors to anyone. As many others have pointed out in the past, if your company receives one of these emails, the best strategy is to ignore it.

These extortionists will send emails to hundreds or thousands of different companies, but they can't DDOS all of them at once. Furthermore, they have no idea if their emails even make it past the spam filters of their targets. So how do they decide who to DDOS? By seeing who responds to the blackmail message. Once you respond, and they know you are listening to them, you are now in their sights - not just this time, but the next time they decide to shake you down.

Ignore them. If they DDOS you, deal with it, but never acknowledge their demands. They can never be certain that you are receiving their emails, and if you never respond to them, eventually they'll move on to someone else.

Re:

[circletimessquare]

ignoring works for certain topics: copycat suicides, or mass killers. people who actively seek fame or people who are swayed by the news

but the topic here is extortion. it's not impressive, it's not something people will copy, and it actually helps the extortionist to keep it quiet: isolate the victim

it's just notification of a crime occurring

If nobody notices...

[Martin Spamer]

If nobody notices a DDOS attack did it really happen?

What's the point of "shaming"?

[cdrudge]

Social media shaming is also part of the deal, threatening to expose the DDOS on Twitter if payment is not made.

What would be the point of this? "We're going to shame you to show that we're trying to extort you and you're not giving in." Is this suppose to cause peer pressure to force the financial institutions to settle? Or to garner sympathy for the attackers?

Re:What's the point of "shaming"?

[timholman]

What would be the point of this? "We're going to shame you to show that we're trying to extort you and you're not giving in." Is this suppose to cause peer pressure to force the financial institutions to settle? Or to garner sympathy for the attackers?

It's not logical because you're not dealing with mature people. Keep in mind that these guys are almost certainly a group of young, socially maladjusted individuals. To a professional criminal, 50 BTC is chump change, but to a group of kids who want BTC to buy drugs without Mom and Dad finding out, it's a lot of cash.

To a kid who grew up on social media, social shaming of your victim might seem an extremely potent weapon, just like school bullying. The rest of us will just scratch our heads and shrug our shoulders.

Re:

[jaseuk]

I disagree with your analysis. It's all about knowing the level below which people might pay without involving the authorities. 50 BTC is at the point that pretty much any business might find it in their interests to pay, rather than involving the authorities, expensive IT consultants or down-time. I've been holiday mugged twice - both times the attacker deliberately demanded such an insignificant amount that I never bothered reporting it or fighting it.

Jason

Re:

[Penguinisto]

Depends on the IT department and its relationship with the ISP, really. 50 BTC? Meh - it'd take less than a handful of hours to blackhole a DDoS successfully, or at least dampen it to the point of ineffectiveness... it'd cost way less than that in the network engineer's time, even if the exchange rate were $3 per. At worst, there's no shame at all in telling the world: "Some stupid script kiddies tried to crapflood our site, but we shut them down in short order" (well, translated to marketese, anyway).

Up th

Misleading title

[jmd]

Why is this a Bitcoin extortion group? Should it not read: Extortion Group DD4BC uses Bitcoin for extortion payment system?

Re:

[TeknoHog]

Agreed. The title would only make sense if we similarly used "Dollar extortion group" or "Euro extortion group". Although that's probably redundant, because debt-based currencies have a kind of built-in extortion anyway.

DDoS solutions?

[iTrawl]

Has anybody suggested any kind of solution to these DDoS attacks that the structure of the Internet allows? Current approach seems to accept DDoS as a fact of life and moan when it happens, with the only solution to the problem being to wait it out. When the Internet can gang up on pretty much any other participant (even Google, given enough bots) somebody should at least fire a few shots in the dark in an attempt to find solutions, but I haven't encountered anything on this yet.

Re:

[radish]

There are configuration based approaches which work for some specific classes of attack. For the more general case the only thing you can really do is increase your downstream capacity, either by actually having fatter pipes into your DC and the requisite routers/firewalls/proxies to handle the load, or by making use of an upstream filter like cloudflare. Or both :)

Re:

[Pinky's Brain]

Make a new internet, this time demanding best practices from anyone linked. Don't have best practices on egress filtering and for responding to reports of source addresses participating in a DDOS? You're delinked. Don't delink servers usable for known amplification attacks? You're delinked.

Problem solved.

Re:

[fisted]

The internet is a communication medium. Its "structure" allows to send messages. No, there is nothing we can do about a lot of people sending messages. And i don't suppose we want.

only got to 400Mbs

[rapiddescent]

These clowns did a DDoS on the financial co where I work. They managed to get to about 400Mbs (although they claimed 15Gbps) and never came back. The good thing that came out of it was that we realised our Arbor DDoS wasn't configured right on one of the nodes so that's fixed up now. Our sensors picked it up straight away, the Security Operations Centre reacted in the first few minutes and so most staff/customers/partners didn't even realise.

Their MOO was to try and find email addresses in linkedin/onlin