
Bitcoin Ransom

DDoS extortion is certainly not a new trick by the hacker community, but there have been several new developments to it. Notable among them is the use of Bitcoin as a method of payment. DD4BC (DDoS for Bitcoin) is a hacker (or hacker group) who has been found to extort victims with DDoS attacks, demanding payment via Bitcoin. DD4BC seems to focus on the gaming and payment processing industries that use Bitcoin.

In November 2014, reports emerged of the group having sent a note to the Bitalo Bitcoin exchange demanding 1 Bitcoin in return for helping the site enhance its protection against DDoS attacks. At the same time, DD4BC executed a small-scale attack to demonstrate the exchange's vulnerability to this method of disruption. Bitalo ultimately refused to pay the ransom, however. Instead, the site publicly accused the group of blackmail and extortion and created a bounty of more than USD $25,000 for information regarding the identities of those behind DD4BC.

The plots have several common characteristics. During these extortion acts, the hacker:

Launches an initial DDoS attack (ranging from a few minutes to a few hours) to prove the hacker is able to compromise the website of the victim.

Demands payment via Bitcoin while suggesting they are actually helping the site by pointing out its vulnerability to DDoS.

Threatens more virulent attacks in the future.

Threatens a higher ransom as the attacks progress (pay up now or pay more later).

Unprotected sites can be taken down by these attacks. A recent study by Arbor Networks concluded that a vast majority of DD4BC's actual attacks have been UDP amplification attacks, exploiting vulnerable UDP protocols such as NTP and SSDP. In the spectrum of cyber-attacks, UDP flooding via botnet is a relatively simple, blunt attack that simply overwhelms a network with unwanted UDP traffic. These attacks are not technically complex and are made easier with rented botnets, booters, and scripts.
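On the defending side, reflected NTP and SSDP traffic is recognizable in flow data: it arrives from UDP source port 123 or 1900 at a host that never sent those servers a request. The following sketch is an added example, not part of the original article; the flow record fields, the thresholds and the sample flows (documentation address ranges) are all constructed assumptions.

```python
from collections import defaultdict

# UDP source ports of the two reflector protocols named above.
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP"}

def find_reflection_floods(flows, min_sources=3, min_bytes=100_000):
    """Return {(victim, protocol): (bytes, reflector_count)} for unsolicited replies.

    flows: iterable of dicts with keys ts, src, sport, dst, dport, proto, bytes
    (hypothetical field names). A reply is solicited when the receiving host
    earlier sent a request to the same server and port; reflected traffic has
    no such request because the request carried a spoofed source address.
    """
    requested = set()  # (client, server, service_port) seen going out
    stats = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for f in sorted(flows, key=lambda f: f["ts"]):
        if f["proto"] != "udp":
            continue
        if f["dport"] in REFLECTOR_PORTS:        # a request to NTP/SSDP
            requested.add((f["src"], f["dst"], f["dport"]))
        elif f["sport"] in REFLECTOR_PORTS:      # a reply from NTP/SSDP
            if (f["dst"], f["src"], f["sport"]) in requested:
                continue                         # answer to a real request
            key = (f["dst"], REFLECTOR_PORTS[f["sport"]])
            stats[key]["bytes"] += f["bytes"]
            stats[key]["sources"].add(f["src"])
    # Thresholds are illustrative assumptions; tune them to the monitoring window.
    return {k: (v["bytes"], len(v["sources"])) for k, v in stats.items()
            if v["bytes"] >= min_bytes and len(v["sources"]) >= min_sources}

VICTIM = "203.0.113.10"  # constructed sample address

def _f(ts, src, sport, dst, dport, nbytes):
    return dict(ts=ts, src=src, sport=sport, dst=dst, dport=dport,
                proto="udp", bytes=nbytes)

# Constructed sample: one legitimate NTP exchange, four unsolicited NTP
# replies and two unsolicited SSDP replies aimed at the same host.
SAMPLE_FLOWS = (
    [_f(0, VICTIM, 40000, "192.0.2.1", 123, 76),
     _f(1, "192.0.2.1", 123, VICTIM, 40000, 76)]
    + [_f(5, f"198.51.100.{i}", 123, VICTIM, 80, 44_000) for i in range(1, 5)]
    + [_f(6, f"198.51.100.{i}", 1900, VICTIM, 80, 30_000) for i in (50, 51)]
)

if __name__ == "__main__":
    for (victim, proto), (nbytes, nsrc) in find_reflection_floods(SAMPLE_FLOWS).items():
        print(f"{victim}: {nbytes} unsolicited {proto} bytes from {nsrc} reflectors")
```

The legitimate NTP reply is excluded because a matching request precedes it, and the SSDP traffic in the sample stays below the default thresholds.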

The typical pattern for the DD4BC gang is to launch DDoS attacks targeting layers 3 and 4, but if this does not have the desired effect, they can move the attack to layer 7, with various types of loopback attacks using POST/GET requests. The initial attack typically lies on a scale between 10-20GBps. This is rather massive, but often not even close to the real threat.

If a company fails to meet their requests, and if that company does not mitigate this attack through various anti-DDoS services, the group will typically move on after 24 hours of a sustained attack. But you should not count on this pattern to manage your cyber security tactics.




Source by Kanishk Tagade
