Police Arrest Member Of Cyber Extortionists DD4BC

Police have arrested at least one member of the notorious hacker gang DD4BC, which has been waging a two year extortion campaign against banks and businesses.

The suspected member of the group was arrested after a global police operation tracked down the gang to Bosnia-Herzegovina.

Suspect Arrested

Europol, the European Union’s law enforcement agency (Europol), said that law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom had joined forces with Europol in the operation against DD4BC.

The UK Metropolitan Police Cyber Crime Unit (MPCCU) identified key members of the DD4BC gang in Bosnia and Herzegovina. Co-ordinated activities were also carried out by police in Australia, France, Japan, Romania, the USA, and Switzerland.

The operation resulted in the arrest of the main target, as well as another suspect who was also detained.

Police raids and searches were carried out on multiple properties and “an extensive amount of evidence was seized.”

“Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups,” said Wil van Gemert, Europol’s Deputy Director Operations. “These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage.”

“Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks,” said van Gemert. “Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”

Europol said that Distributed Denial of Service (DDoS) attacks remain a considerable threat in the European Union and beyond. And it said the lack of any requirement on private companies and individuals to report such attacks “poses particular difficulties in law enforcement’s efforts to prosecute these cyber threats.”

DD4BC is short for Distributed Denial of Service for Bitcoin. Essentially the gang does exactly what it says on the tin.

Extortion Campaign

Last September security firm Akamai warned that DD4BC had been active since September 2014, and was increasingly targeting banks, media groups, retailers and gaming firms.

The way it worked is that DD4BC would approach a victim and demand a ransom. Failure to pay a 50 bitcoin (£8,000) ransom often resulted in the victim’s server being bombarded in a DDoS attack that sometimes reached up to more than 50 gigabits of data a second.

“DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks,” said Stuart Scholly, from Akamai’s security division last year. “The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly.”

In November 2014 Bitalo, a German-based Bitcoin platform, placed a huge bitcoin bounty on DD4BC after a website was knocked offline for two days.

Extortion and blackmail is unfortunately a growing problem for the online world.

Last year a Swiss bank confirmed that hackers publicly divulged confidential customer information after the bank declined to pay a ransom. The attackers had hacked state-owned Banque Cantonale de Geneve (BCGE) and downloaded more than 30,000 email messages between the bank and its customers.

In June 2014, popular news aggregator service Feedly fought off a DDoS attack, hours after it refused to pay the perpetrator to stop the barrage.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

View Comments

  • Yet another reason to make the use of untraceable funds such as Bitcoins illegal. In just about every area of commerce funds are tracked/monitored by law or at least have the potential to be traced back to a real person (even eBay!). Why should Bitcoins and the like be allowed as a payment resource method for serious criminal activity.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago