Extortion is a term that comes up often in the news when criminals, especially gangs, are arrested. It is simply when someone threatens someone else with harm if they don’t do something. Most of the the time, that “something” is pay a sum of money. While extortion is usually done in person or over the phone. However, in the digital age, cyber extortion is also a thing. Cyber extortion has been the bread and butter of cyber gang DD4BC (DDoS for Bitcoin), which has been in operation since September 2014. Their main targets are financial institutions.
The group’s main tactic is to use what are known as Distributed Denial of Service (DDoS) attacks which, on average, were able to pipe about 13.3 gigabits of data every second (gbps) towards victims. The average connection that most firms have to the net can run at a speed of about 10gbps, said Akamai, so such an attack would completely overwhelm that link.
The largest attacks seen by Akamai involved more than 56.2 gigabits of data per second – far more than most companies could cope with.
Analysis of the attacks DD4BC had carried out showed it was using 10 separate methods of generating DDoS data floods. One method exploited weaknesses in the WordPress blogging tool to bounce data at targets.
DD4BC contacts financial firms by email, demanding that they pay anywhere from 25 to 50 bitcoins (which converts to about $6,000 to $12,000) with the threat of flooding their sites with data. To keep their websites stable, companies are likely to pay up. Though it is possible to protect against data floods by filtering data, complying with DD4BC is less of a headache.