
A group of security researchers and law enforcement officials are threatening to launch a full investigation into the DDoS for Bitcoins (DD4BC) attack group if it continues to target banks.

DD4BC is known for launching small- to mid-size DDoS attacks against its victims and threatening even larger, more prolonged attack campaigns unless they pay a ransom in Bitcoin. In addition to targeting banks, the group has gone after well-known Bitcoin exchanges. Two in particular, Bitalo and Bitmain, have helped fund a bounty for any information regarding DD4BC.

According to Roland Dobbins of Arbor Networks' security engineering and response team, the law enforcement and security communities are interested in bringing down the group before it has the opportunity to target any more financial organizations.

“There is a very, very active posse who are trying to identify the actor, and intelligence agencies in some jurisdictions are after DD4BC,” Dobbins recently told the AusNOG conference in Melbourne, Australia, as reported by The Register. “There is no jurisdictional taskforce set up yet as far as I know, but there are some closed, vetted operational security groups trying to track down the threat actor. I think DD4BC is one person who is reasonably tech savvy but not an innovator. The attacker will escalate the probe into a full investigation if they continue to hit banks.”

One of DD4BC’s tactics: SSDP Reflection/Amplification Attacks (Source: Roland Dobbins)

DD4BC generally issues extortion demands that range in value from 1 to 100 Bitcoins, or approximately $227 USD to $22,700 USD, according to a slide deck on the group developed by Dobbins.

News of a possible investigation into DD4BC follows the release of Verisign’s Q2 DDoS Trends Report, which in part analyzes DD4BC and observes that the group is likely comprised of relatively few people. The report estimates that DD4BC probably has five members or fewer.

Other notable findings of the report include the fact that attacks over five Gbps accounted for approximately 20% of all DDoS campaigns and that 34 percent more attacks were mitigated in the first half of 2015 than in the same period of 2014.