Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime Bitcoin

Bitcoin Extortion Group DD4BC Now Targeting Financial Services 70

An anonymous reader writes: Akamai is detailing the activities of DD4BC, a cyber-extortionist group that has launched distributed denial-of-service (DDoS) attacks against numerous organizations and demanded Bitcoin payments to stop the attacks. The group is sending ransom emails requiring payments of 25 to 100 Bitcoin, which is about $6,000 — $24,000 (€5,350 — €21,400). Social media shaming is also part of the deal, threatening to expose the DDOS on Twitter if payment is not made.
This discussion has been archived. No new comments can be posted.

Bitcoin Extortion Group DD4BC Now Targeting Financial Services

Comments Filter:
  • Simply find them and kill them with extreme brutality.
    • Re: (Score:2, Funny)

      by Anonymous Coward

      Thanks for the advice, isis.

    • if justice is more brutal than the crime, then it is not justice

      all punishments for all crimes must be less sever than the crime in question

      or society itself generates brutality and crime

      chopping off hands for theft in sharia law, caning for vandalism in singapore, or locking a guy up for years for smoking pot in the USA: none are not justice

      and you, and people who think like you, asking for death for petty extortion, you are worse criminals than the crime you hate

      • by Anonymous Coward

        Nonsense. Ensuring that crime is more profitable than the punishment is some type of misconfigured claptrap you dreamed up. Even my liberal diehards don't spout this type of tripe. Of course if you think the FBI and Interpol don't have a pretty good idea who DD4BC is, you are even more naïve than your whining indicates.
        They will be punished when the time comes, meanwhile they are fulfilling a much broader purpose, which is mostly keeping the serfs singing songs,

        • if the punishment is worse than the crime than society itself is the source of crime

          sadism is not justice

          in general, we take cues from our culture and our society about how to treat each other. brutality is answered with brutality. a society with brutal punishments is a miserable place where people treat each other excessively harshly for stupid shit: that becomes the norm. should it be?

          the idea of justice is not punitive revenge. that creates a violent feedback loop. you want to dampen that feedback, not a

          • There is a difference between extreme justice and sadism.

            Part of the lure of many crimes is that of a risk/reward analysis that says, "no big deal, if I get caught I'll only do _________"

            A state that enjoys punishing criminals is criminal. A state that reluctantly executes a harsh judgement isn't sadistic. In fact, I would dare say, that if too lenient, letting criminals run free, is itself equal to those that are too extreme in punishment.

            When criminals perpetrate violent crime after violent crime, in a ca

            • likewise, i said the punishment must be less harsh than the crime. i didn't say criminals should get off relatively easily. i won't misunderstand your comment if you don't misunderstand mine

              • likewise, i said the punishment must be less harsh than the crime. i didn't say criminals should get off relatively easily.

                Yes, you did.

          • intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

            As you advocate committing crimes, I can see where you're coming from....

            The laws concerning marijuana in much of the US are still morally reprehensible, encouraging people to break those laws is worse than the crime(s) of breaking those laws.

            The "society" where laws are ignored will end up being, arguably, just as bad if not worse than the brutal society where people are punished "too harshly" for breaking laws.

      • Keep in mind that I have to live in a country where criminal behavior is the default (yep, a shitty place) and people like me are called suckers for insisting on respect the laws. Here they have no shame of committing crimes, that's why the need for harsh punishments.
        • i don't know where you live, but you're not contradicting my point

          criminals should receive punishments less harsh than their crimes. they shouldn't get off with light punishment. they shouldn't get off with no punishment

      • Giving you some context. The punishment must be greater than the crime, otherwise criminals will find it worth committing the crime. But that does not mean of course that the punishment should not be proportional to the size of the crime. But when your criminals are barbaric animals like here, only extreme punishments work, they just do not understand nothing less than heavy beatings or death.
        • how do you feel after watching this:

          https://www.youtube.com/watch?... [youtube.com]

          you don't perform justice when you become the same as the criminal

          in many cases, it's what they want. validation for their own acts that you commit them as well. even if it's not what they want, you've validated them anyways

          getting knifed for stepping on someone's shoe. execution on the street for taking a purse. keying a car because you don't like how someone parked: this is all "justice" worse than the crime. with your words you are basi

          • Well well... Is very, very easy to say what you say in the security of a proper civilized city my friend... Try to live in an uncivilized city like São Paulo or Rio de Janeiro for a few years to see how your "rosy" view of the world will change quickly... As we say here to idiots like you, "Se acha que eles são coitadinhos então leve eles para a sua casa".
            • why does a thief steal? they see it as justice for how badly they have been treated. why does a rapist rape? they think women treat them badly and they deserve it

              they see it as justice

              isn't that interesting? sound familiar?

              "justice" taken too far is pretty much exactly the same as crime. you have a right to hit someone with your car who is pointing a gun at you. that's justice. you don't have a right to hit someone with your car who insulted your mother. that's crime. but in the eyes of the idiot behind the

              • As i already said before... If you think they deserve your compassion, then take them to your home.
                • i said the punishment must be less harsh than the crime. i didn't say criminals should get off easily. i didn't say they should get off free

                  are you retarded? you can't understand the simple meaning, what i actually said, and have to substitute another meaning that no one said?

                  • Uhh... Sorry, the retarded here is you and only you. Otherwise you would have understood from the beginning what kind of crimes I consider that must be heavily punished, or in your way of black-and-white thinking you even thought I'd be advocating death penalty for minor things like traffic violations and similar infractions?
                    • no crime, not a single one, should be punished more heavily than the crime itself

                      which is what i said

                      which you do not understand

                      if you want to have conversations with imaginary positions that only exist in your head, you don't need the internet for that

      • or locking a guy up for years for smoking pot in the USA

        citation please
    • What makes you think that criminal tendencies can't be cured. Of course it would have helped determine one way or the other if they actually tried.
      • In your country? Maybe. In my country? Many criminals here are nothing but stupid animals, incapable of live in a community.
    • and the weasels started DDOSsing me, I'd say, go ahead and put it on Twitter. we can then go to Federal court and find out who owns the account, and send a bill collector over. one of those effective bill collectors from a Jersey "social club." one of those guys who knows how to work concrete.

  • by msauve ( 701917 ) on Friday September 11, 2015 @06:47AM (#50501585)
    So, extortion, but with Bitcoin. meh.
  • by timholman ( 71886 ) on Friday September 11, 2015 @07:03AM (#50501637)

    Publishing this story is doing no favors to anyone. As many others have pointed out in the past, if your company receives one of these emails, the best strategy is to ignore it.

    These extortionists will send emails to hundreds or thousands of different companies, but they can't DDOS all of them at once. Furthermore, they have no idea if their emails even make it past the spam filters of their targets. So how do they decide who to DDOS? By seeing who responds to the blackmail message. Once you respond, and they know you are listening to them, you are now in their sights - not just this time, but the next time they decide to shake you down.

    Ignore them. If they DDOS you, deal with it, but never acknowledge their demands. They can never be certain that you are receiving their emails, and if you never respond to them, eventually they'll move on to someone else.

    • ignoring works for certain topics: copycat suicides, or mass killers. people who actively seek fame or people who are swayed by the news

      but the topic here is extortion. it's not impressive, it's not something people will copy, and it actually helps the extortionist to keep it quiet: isolate the victim

      it's just notification of a crime occurring

    • If nobody notices a DDOS attack did it really happen?

  • by cdrudge ( 68377 ) on Friday September 11, 2015 @07:10AM (#50501653) Homepage

    Social media shaming is also part of the deal, threatening to expose the DDOS on Twitter if payment is not made.

    What would be the point of this? "We're going to shame you to show that we're trying to extort you and you're not giving in." Is this suppose to cause peer pressure to force the financial institutions to settle? Or to garner sympathy for the attackers?

    • by timholman ( 71886 ) on Friday September 11, 2015 @07:20AM (#50501693)

      What would be the point of this? "We're going to shame you to show that we're trying to extort you and you're not giving in." Is this suppose to cause peer pressure to force the financial institutions to settle? Or to garner sympathy for the attackers?

      It's not logical because you're not dealing with mature people. Keep in mind that these guys are almost certainly a group of young, socially maladjusted individuals. To a professional criminal, 50 BTC is chump change, but to a group of kids who want BTC to buy drugs without Mom and Dad finding out, it's a lot of cash.

      To a kid who grew up on social media, social shaming of your victim might seem an extremely potent weapon, just like school bullying. The rest of us will just scratch our heads and shrug our shoulders.

      • by jaseuk ( 217780 )

        I disagree with your analysis. It's all about knowing the level below which people might pay without involving the authorities. 50 BTC is at the point that pretty much any business might find it in their interests to pay, rather than involving the authorities, expensive IT consultants or down-time. I've been holiday mugged twice - both times the attacker deliberately demanded such an insignificant amount that I never bothered reporting it or fighting it.

        Jason

        • Depends on the IT department and its relationship with the ISP, really. 50 BTC? Meh - it'd take less than a handful of hours to blackhole a DDoS successfully, or at least dampen it to the point of ineffectiveness... it'd cost way less than that in the network engineer's time, even if the exchange rate were $3 per. At worst, there's no shame at all in telling the world: "Some stupid script kiddies tried to crapflood our site, but we shut them down in short order" (well, translated to marketese, anyway).

          Up th

  • Why is this a Bitcoin extortion group? Should it not read: Extortion Group DD4BC uses Bitcoin for extortion payment system?

    • Agreed. The title would only make sense if we similarly used "Dollar extortion group" or "Euro extortion group". Although that's probably redundant, because debt-based currencies have a kind of built-in extortion anyway.
  • Has anybody suggested any kind of solution to these DDoS attacks that the structure of the Internet allows? Current approach seems to accept DDoS as a fact of life and moan when it happens, with the only solution to the problem being to wait it out. When the Internet can gang up on pretty much any other participant (even Google, given enough bots) somebody should at least fire a few shots in the dark in an attempt to find solutions, but I haven't encountered anything on this yet.

    • by radish ( 98371 )

      There are configuration based approaches which work for some specific classes of attack. For the more general case the only thing you can really do is increase your downstream capacity, either by actually having fatter pipes into your DC and the requisite routers/firewalls/proxies to handle the load, or by making use of an upstream filter like cloudflare. Or both :)

    • Make a new internet, this time demanding best practices from anyone linked. Don't have best practices on egress filtering and for responding to reports of source addresses participating in a DDOS? You're delinked. Don't delink servers usable for known amplification attacks? You're delinked.

      Problem solved.

    • by fisted ( 2295862 )

      The internet is a communication medium. Its "structure" allows to send messages. No, there is nothing we can do about a lot of people sending messages. And i don't suppose we want.

  • These clowns did a DDoS on the financial co where I work. They managed to get to about 400Mbs (although they claimed 15Gbps) and never came back. The good thing that came out of it was that we realised our Arbor DDoS wasn't configured right on one of the nodes so that's fixed up now. Our sensors picked it up straight away, the Security Operations Centre reacted in the first few minutes and so most staff/customers/partners didn't even realise.

    Their MOO was to try and find email addresses in linkedin/onlin

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...