Akamai is known for helping enterprises provide secure, high-performing user experiences. The company recently released a case study about distributed denial of service (DDoS) attacks from the Bitcoin extortionist group DD4BC, based on attack traffic targeting its customers.
Attack traffic from DD4BC (DDoS for Bitcoin) began in September 2014. Since April 2015, the Akamai team and its partners have identified 114 DD4BC attacks, and the group is employing more aggressive measures. DD4BC now threatens to expose a targeted organization via social media, in addition to the damage caused by the DDoS attack itself.
"DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks," said Stuart Scholly, Senior Vice President & General Manager, Security Division at Akamai. "The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly."
Victims of the attacks receive emails from varying addresses, and the type of email received depends on the targeted organisation's level of DDoS security. "Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400 - 500 Gbps, so don't even bother. At least, don't expect cheap services like CloudFlare or Incapsula to help… but you can try. :)" DD4BC states in some of the emails.
“We do bad things, but we keep our word.”
The group goes on to advise its targets that a small demonstrative attack is being run, but not hard enough to crash the site. "It's just to prove that we are serious. Check UDP traffic. :)"
The group's first campaign stands as the highest-bandwidth DDoS attack attributed to DD4BC thus far. The 56 Gbps generated solely by a UDP flood attack is "fairly large," according to Akamai. "Still, this DDoS attack falls short of the 400 – 500 Gbps claimed in the emails."
Akamai advises that the nature of DD4BC, and its successes, should be taken seriously. “This modus operandi is similar to an express kidnapping, where criminals demand a small ransom that victims or companies can pay easily.”
The group gives instructions for the payment of 25 BTC, how it can be acquired and where the amount can be sent. “But if you ignore us, and don’t pay us within a given time, long term attack will start, price to stop will go to 50BTC and will keep increasing for every hour of attack,” reads the extortion email.
"Anomaly-based and signature-based DDoS detection methods should be deployed to detect attacks before the site becomes unavailable to users. Resources should be distributed to avoid single points of failure due to an attack and to increase resiliency to attacks. Layer 7 DDoS mitigation appliances should be deployed on the network in strategic locations to mitigate the DDoS threat to critical application servers."
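As an added illustration of the anomaly-based and signature-based detection Akamai recommends (example code written for this article, not Akamai's or DD4BC's), the following Python script runs both checks over a constructed series of per-minute UDP bits-per-second readings: a statistical baseline catches the small "demonstrative" burst DD4BC sends first, and a fixed capacity threshold (an assumed 10 Gbps here) catches the full flood. Flagged samples are kept out of the baseline so that a running attack cannot quietly raise the bar for what counts as normal.

```python
from collections import deque
from dataclasses import dataclass
from statistics import fmean, pstdev


@dataclass
class Alert:
    interval: int   # index of the sample that was flagged
    udp_bps: float  # observed UDP bits/sec in that interval
    zscore: float   # distance from the clean baseline in standard deviations
    level: str      # "probe" (statistical anomaly) or "flood" (capacity threshold)


def detect_udp_anomalies(samples, baseline_window=10, z_probe=3.0, flood_bps=10e9):
    """Anomaly detection plus a signature-style hard threshold for UDP volume.

    The first `baseline_window` samples are assumed clean and seed the baseline.
    Afterwards each sample is compared with the mean/stdev of the most recent
    clean samples; anything flagged is NOT fed back into the baseline.
    """
    baseline = deque(maxlen=baseline_window)
    alerts = []
    for i, bps in enumerate(samples):
        if len(baseline) < baseline_window:
            baseline.append(bps)  # warm-up period, assumed attack-free
            continue
        mu = fmean(baseline)
        sigma = pstdev(baseline) or 1.0  # avoid division by zero on a flat baseline
        z = (bps - mu) / sigma
        if bps >= flood_bps:             # signature: absolute rate beyond link capacity
            alerts.append(Alert(i, bps, z, "flood"))
        elif z >= z_probe:               # anomaly: statistically unusual but sub-capacity
            alerts.append(Alert(i, bps, z, "probe"))
        else:
            baseline.append(bps)         # only clean samples update the baseline
    return alerts


# Constructed sample data (hypothetical values, not measured traffic):
# ten quiet minutes around 800 Mbps, a 2 Gbps demonstrative burst, one quiet
# minute, then a 56 Gbps UDP flood matching the size reported in the case study.
SAMPLE_UDP_BPS = [780e6, 810e6, 795e6, 820e6, 790e6, 805e6, 815e6, 785e6, 800e6, 800e6,
                  2.0e9, 790e6, 56e9]

if __name__ == "__main__":
    for alert in detect_udp_anomalies(SAMPLE_UDP_BPS):
        print(f"minute {alert.interval}: {alert.level} at {alert.udp_bps/1e9:.1f} Gbps "
              f"(z={alert.zscore:.1f})")
```

The flood threshold must be set per deployment from real link and scrubbing capacity; the 10 Gbps used here is only a placeholder for the sample data.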
Akamai also expressed concerns that copycats will soon enter the game, increasing the number of these attacks. "In fact, copycats may already be sending their own ransom letters, piggybacking on the reputation of DD4BC."
The targets for ransom demands are typically selected based on their anticipated reluctance to involve law enforcement. Some have taken matters into their own hands, offering bounties for the capture of the perpetrators. Bitalo has listed a bounty on BitcoinBountyHunter, a site started by Bitcoin evangelist and venture capitalist Roger Ver.