Law Enforcement raided DDoS extortion group DD4BC

Europol announced the arrest of two individuals suspected of being tied to DD4BC, a criminal group specialized in extortion.

According to a press statement issued by Europol, a joint operation in December by law enforcement from Austria, Bosnia and Herzegovina, Germany, and the U.K. led to the identification and arrest of two individuals linked to the extortion group DD4BC (DDoS “4” Bitcoin).

The Europol statement says that on December 15 and 16, an international group of law enforcement agencies raided key members of DD4BC in Bosnia and Herzegovina.

According to Europol, under Operation Pleiades the Metropolitan Police Cyber Crime Unit in the UK identified key members of the DD4BC crew; one has been arrested, and another suspect was detained.

The DD4BC group has been active since mid-2014 and has launched numerous DDoS attacks for extortion purposes against organizations in the public sector and companies in the banking, media and financial industries. The members of the group interrupt their attacks only after payment of a fee in Bitcoin.

“The action was initiated as part of a global law enforcement response against the criminal organisation. Key members of the organised network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit (MPCCU) which provided vital information to the investigation. Police authorities from Australia, France, Japan, Romania, the USA, Switzerland and INTERPOL supported the coordinated activities,” states the press statement. “Operation Pleiades resulted in the arrest of a main target and one more suspect detained. Multiple property searches were carried out and an extensive amount of evidence was seized.”

The DD4BC group is specialized in extortion activities. According to a number of security experts, the group also blackmailed Ashley Madison users with extortion demands. Other experts believe that DD4BC was not really involved in this kind of activity.

“Drew Perry, the group chief cyber-analyst at cyber-security company Ascot Barclay, seems to think this might not be DD4BC at all. ‘It is possible that DD4BC has changed tactics and is cashing in on the vulnerable state of the exposed Ashley Madison customers,’ Perry told SCMagazineUK.com, but ‘since the email address source has been used in the past, prior to DD4BC existing, I suspect this is an actor simply using the DD4BC brand.’ Perry says that the email address in question first emerged before DD4BC ever did and has been implicated in other scams, ‘none of which fit the DD4BC profile.’”

The group started by targeting the online gambling industry; later it focused its operations on companies in the financial services and entertainment sectors as well as other high-profile companies.

“Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage. Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks,” said Wil van Gemert, Europol’s Deputy Director Operations.

The agents used mobile labs to inspect seized evidence.

If you are interested in the DD4BC attacks, take a look at the “CASE STUDY: SUMMARY OF OPERATION DD4BC” report published by Akamai.

Pierluigi Paganini

(Security Affairs – DD4BC group, cybercrime)

