Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: cbeast on September 16, 2012, 05:36:26 AM



Title: DDOS for ransom
Post by: cbeast on September 16, 2012, 05:36:26 AM
http://bitcoinmagazine.net/walletbit-under-ddos-1000btc-demanded/
DDOS extortion for a Bitcoin ransom could be the next big crime wave. I am sure that DDOS attacks are illegal to begin with, they take on a new dimension with extortion for a significant amount of money. Depending on whether or not Bitcoin is considered money, this could mean that law-enforcement agencies may be looking at a new threat vector with cyber-crime.

No longer are DDOS attacks done out of politically driven protest, they are now in the business of racketeering.


Title: Re: DDOS for ransom
Post by: cbeast on September 16, 2012, 05:49:31 AM
Perhaps this is where vigilantism will respond. I wonder what some individual might do to a known DDOS attacker for 1K BTC if it was anonymously offered? This will be interesting to see how it unfolds.


Title: Re: DDOS for ransom
Post by: FreeMoney on September 16, 2012, 06:08:01 AM
It doesn't seem like it would work.

You pay and they continue... then what?

If the DDoSer linked themselves to a pseudo-identity they could build a rep for not doing that.

But it's still ridiculously unstable because once you pay you are a better target. Oh, n/m about the pseudo-identity, they can just pretend to be someone new DDoSing you.

Odd to me that they would try for such a high amount in this case. Without knowing much about WalletBit it makes me wonder if the ransom is just weak cover for someone doing it out of spite.


Title: Re: DDOS for ransom
Post by: cbeast on September 16, 2012, 06:16:23 AM
Why pay the ransom at all? Why not offer an anonymous bounty to have someone pay a friendly visit to the attacker's home? That would make the attacks stop permanently. I'm not saying that they should, but the attacker needs to think about the repercussions of their actions.


Title: Re: DDOS for ransom
Post by: thebaron on September 16, 2012, 06:18:51 AM
Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.


Title: Re: DDOS for ransom
Post by: Bitcoin Oz on September 16, 2012, 06:31:11 AM
They should offer a 200btc reward on the attackers' heads  :D


Title: Re: DDOS for ransom
Post by: jgarzik on September 16, 2012, 08:52:18 AM
This is sadly already common in the poker world, HYIP forums, etc.  It was only a matter of time :(

I think somebody has already tried DDoS+ransom on MtGox, a while ago, IIUC.



Title: Re: DDOS for ransom
Post by: Ascholten on September 16, 2012, 11:56:38 AM
If I am going to DDos you I am not going to do it from my own house.  The attack is also going to come from many sources too, hence the second D in DDOS.

With as many stupid people out there with unsecured systems, it's way too easy to set up an army of zombies to do one's bidding, it would be very hard at very best to track an individual like this down unless they were stupid enough to brag about doing the attack.

Aaron


Title: Re: DDOS for ransom
Post by: Ichthyo on September 16, 2012, 02:11:20 PM
It doesn't seem like it would work.

You pay and they continue... then what?

Indeed, that's what I'd expect to happen.


Then, after some time, the victim happens to encounter a friendly and helpful person with lots of connections into "the scene", who points out (s)he can figure out who is behind those attacks and maybe help the victim stop them discreetly for a way smaller "fee"....

Maybe it goes on even more subtly, along the lines that the victim just ends up doing "business" with the "angel", you know, that kind of business which is more profitable for the "angel" and more risky for the victim. Surprisingly, since the victim engaged in that business, those attacks will cease....


And the fun fact is: suddenly all those state-haters and freedom lovers start yelling for law enforcement


Title: Re: DDOS for ransom
Post by: CJGoodings on September 16, 2012, 02:12:53 PM
This is nothing new, pool operators receive these types of threats all the time. Nobody pays, and the ddos waves hit the shore.


Title: Re: DDOS for ransom
Post by: hxtop on September 16, 2012, 03:19:32 PM
May be speculation, because of recent hacker attacks too much, and too regularly, you feel it


Title: Re: DDOS for ransom
Post by: cbeast on September 16, 2012, 03:25:03 PM
I actually think that DDOS attacks on Bitcoin financial and mining sites will continuously escalate as Bitcoin itself grows. I suggest that countermeasures be developed (for law enforcement use, of course) to track down attackers. Also, Bitcoin sites will need to develop new hardening and stealth (decentralization) technologies to defend against attack.


Title: Re: DDOS for ransom
Post by: finkleshnorts on September 16, 2012, 03:53:37 PM
Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.

I'd take them.


Title: Re: DDOS for ransom
Post by: cbeast on September 16, 2012, 03:56:21 PM
Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.

I'd take them.
In America, they don't have Internet access in prison.


Title: Re: DDOS for ransom
Post by: scintill on September 16, 2012, 05:19:53 PM
Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.

I'd take them.
In America, they don't have Internet access in prison.

Anyone got mnemonics/short hand or something that would allow a person to create and sign transactions in prison?  Then send them out to someone you can trust enough to broadcast to network (but perhaps not enough to keep your private keys.)


Title: Re: DDOS for ransom
Post by: thebaron on September 16, 2012, 05:48:51 PM
Anyone got mnemonics/short hand or something that would allow a person to create and sign transactions in prison?  Then send them out to someone you can trust enough to broadcast to network (but perhaps not enough to keep your private keys.)

Tattoos.


Title: Re: DDOS for ransom
Post by: stochastic on September 16, 2012, 05:54:10 PM
http://bitcoinmagazine.net/walletbit-under-ddos-1000btc-demanded/
DDOS extortion for a Bitcoin ransom could be the next big crime wave. I am sure that DDOS attacks are illegal to begin with, they take on a new dimension with extortion for a significant amount of money. Depending on whether or not Bitcoin is considered money, this could mean that law-enforcement agencies may be looking at a new threat vector with cyber-crime.

No longer are DDOS attacks done out of politically driven protest, they are now in the business of racketeering.

I remember reading an article on online casinos that have this problem.  The criminals did not ask for bitcoins, just USD by wire transfer like through western union.

Could not find the original article, but here is another one:
http://www.blackjackchamp.com/casino-news/15733-online-gambling-sites-face-extortion/


Title: Re: DDOS for ransom
Post by: Draino on September 16, 2012, 06:24:12 PM
I don't understand the logic here very well

I think principle would tip the edge for taking a beating, rather than handing over money, since income is being crippled either way


Title: Re: DDOS for ransom
Post by: casascius on September 16, 2012, 06:28:22 PM
http://bitcoinmagazine.net/walletbit-under-ddos-1000btc-demanded/
DDOS extortion for a Bitcoin ransom could be the next big crime wave. I am sure that DDOS attacks are illegal to begin with, they take on a new dimension with extortion for a significant amount of money. Depending on whether or not Bitcoin is considered money, this could mean that law-enforcement agencies may be looking at a new threat vector with cyber-crime.

No longer are DDOS attacks done out of politically driven protest, they are now in the business of racketeering.

If nothing else, over time, this will encourage those developing infrastructure and network protocols to evolve the internet to have abilities to rapidly mitigate them.


Title: Re: DDOS for ransom
Post by: sadpandatech on September 16, 2012, 06:35:33 PM
I don't understand the logic here very well

I think principle would tip the edge for taking a beating, rather than handing over money, since income is being crippled either way

It's a pointless game that has been played out many times against bitcoin services and is not new for the rest of internet exposed businesses. As you say it is much better to just ignore them and tighten up your anti ddos measures.

Not to mention the longer they maintain a ddos the more likely they are to get caught. It's only a matter of time before their c&c is given up by one of the zombies and they are found or shut down from there.


Title: Re: DDOS for ransom
Post by: iCEBREAKER on September 18, 2012, 07:34:37 PM
Quote
That's a nice looking webpage you got there.  Be a real shame if anything was to happen to it.

Send the bitcoins to 1B6MKB2MqY5LpM66fz4WJAeoer6ELGVGTx and nobody gets hurt.

/Russian gangster accent

Hmm, doesn't sound very intimidating.  Why would cybercriminals target such a tiny place anyway?  Is DDOS that cheap nowadays?  Hmmm....

*registers BitCannon.ru*

*creates site that automates the DDOS<->extortion<->BTC process*


Title: Re: DDOS for ransom
Post by: sippsnapp on September 18, 2012, 08:10:36 PM
When somebody is DDOSING with his botnet he will likely lose a lot of bots.
So I would think, it's not a threat at all, maybe for a few days or weeks but a botnet operator would need to be sure to be compensated to move these resources.
Guess, there are hundreds of ways for a botnet owner to monetize.


As a pool operator it's much more important to care about the server security and the latest 0days, for example the Plesk 0day a month ago or so was really ugly.



Title: Re: DDOS for ransom
Post by: Meizirkki on September 18, 2012, 08:35:55 PM
Would it solve DDoS threats to put all services in Tor? Isn't it kinda DoS-proof?


Title: Re: DDOS for ransom
Post by: sippsnapp on September 18, 2012, 08:39:46 PM
Would it solve DDoS threats to put all services in Tor? Isn't it kinda DoS-proof?

I'm not knowledgeable enough to give a concrete statement, but, if it's hosted like silkroad for example the bots would probably need tor, so the botherder would need to install tor on them to be able to ddos as I understand it.
If that's correct the question should be is the tor network fast enough?
How much effort is it for a botherder to run tor on his bots?



Title: Re: DDOS for ransom
Post by: adamstgBit on September 18, 2012, 09:10:36 PM
https://www.eff.org/keeping-your-site-alive


Title: Re: DDOS for ransom
Post by: hazek on September 18, 2012, 09:16:50 PM
So is bitpay still under attack and still down?


Title: Re: DDOS for ransom
Post by: adamstgBit on September 18, 2012, 09:31:26 PM
So is bitpay still under attack and still down?

It appears they are adding DDOS protection, they probably are creating a mirror right now.

I suggest everyone creates back-ups NOW, and start looking at DDOS protection.


Title: Re: DDOS for ransom
Post by: sippsnapp on September 18, 2012, 09:35:55 PM
Beside bulletproof hosting, there are also services like cloudflare, isn't that an option?


Title: Re: DDOS for ransom
Post by: adamstgBit on September 18, 2012, 09:44:42 PM
Beside bulletproof hosting, there are also services like cloudflare, isn't that an option?

I'd like to see a bulletproof web hosting servers created by and for the bitcoin community

I'd sign up!


Title: Re: DDOS for ransom
Post by: adamstgBit on September 18, 2012, 09:52:53 PM
BitPay is back. excellent work!


Title: Re: DDOS for ransom
Post by: hazek on September 18, 2012, 10:23:49 PM
Not for me.


Title: Re: DDOS for ransom
Post by: BitPay Business Solutions on September 18, 2012, 10:33:47 PM
BitPay is back. excellent work!

The site should be up now.  Let's see if the attacker can get through Cloudflare this time.


Title: Re: DDOS for ransom
Post by: sippsnapp on September 18, 2012, 10:44:34 PM
BitPay is back. excellent work!

The site should be up now.  Let's see if the attacker can get through Cloudflare this time.


On another site I have read that they use cloudflare resolver to figure the real IP. I could gather such a tool if you're interested, however, could be a fake soft though.

I really don't know so much about this stuff but I find it very interesting as I'm about to launch a pool.
Just starting to read in this topic, interesting keywords too are cloud hosting, managed firewall and load balancer.


Title: Re: DDOS for ransom
Post by: marcus_of_augustus on September 18, 2012, 10:50:10 PM
Seems like there is a demand for a "Protection Business" ... pay some regularly and you get security services for your site that may include things like unspecified counter-attacks against attackers and other black arts that could serve as deterrents against would-be threats.


Title: Re: DDOS for ransom
Post by: hazek on September 18, 2012, 10:51:51 PM
BitPay is back. excellent work!

The site should be up now.  Let's see if the attacker can get through Cloudflare this time.


Nope. Doesn't work for me.

EDIT: works now.


Title: Re: DDOS for ransom
Post by: Ichthyo on September 18, 2012, 10:54:30 PM
Seems like there is a demand for a "Protection Business" ... pay some regularly and you get security services for your site that may include things like unspecified counter-attacks against attackers and other black arts that could serve as deterrents against would-be threats.

Is this a serious proposal??

In real world this pattern is known as racketeering: put a shop on fire and then offer protection to the threatened owner. Do we really want Bitcoinland go that route?


Title: Re: DDOS for ransom
Post by: marcus_of_augustus on September 18, 2012, 11:13:27 PM
Seems like there is a demand for a "Protection Business" ... pay some regularly and you get security services for your site that may include things like unspecified counter-attacks against attackers and other black arts that could serve as deterrents against would-be threats.

Is this a serious proposal??

In real world this pattern is known as racketeering: put a shop on fire and then offer protection to the threatened owner. Do we really want Bitcoinland go that route?

Semi-serious. In the real world it is known as "advanced" policing or mafioso tactics ... take your pick.


Title: Re: DDOS for ransom
Post by: adamstgBit on September 18, 2012, 11:21:59 PM
Seems like there is a demand for a "Protection Business" ... pay some regularly and you get security services for your site that may include things like unspecified counter-attacks against attackers and other black arts that could serve as deterrents against would-be threats.

Is this a serious proposal??

In real world this pattern is known as racketeering: put a shop on fire and then offer protection to the threatened owner. Do we really want Bitcoinland go that route?

Semi-serious. In the real world it is known as "advanced" policing or mafioso tactics ... take your pick.

CloudFlare is free (http://www.cloudflare.com/)

I doubt you can compete with that...  :P


Title: Re: DDOS for ransom
Post by: marcus_of_augustus on September 18, 2012, 11:31:24 PM
Seems like there is a demand for a "Protection Business" ... pay some regularly and you get security services for your site that may include things like unspecified counter-attacks against attackers and other black arts that could serve as deterrents against would-be threats.

Is this a serious proposal??

In real world this pattern is known as racketeering: put a shop on fire and then offer protection to the threatened owner. Do we really want Bitcoinland go that route?

Semi-serious. In the real world it is known as "advanced" policing or mafioso tactics ... take your pick.

CloudFlare is free (http://www.cloudflare.com/)

I doubt you can compete with that...  :P

Do they take bitcoin?  :D


Title: Re: DDOS for ransom
Post by: ErnestoJuarell on September 18, 2012, 11:54:21 PM
No one should ever pay a DDOS ransom. Eventually you can quell the attack with multiple solutions. DDOS is unsustainable and is a US Felony.


Title: Re: DDOS for ransom
Post by: adamstgBit on September 19, 2012, 12:09:14 AM
No one should ever pay a DDOS ransom. Eventually you can quell the attack with multiple solutions. DDOS is unsustainable and is a US Felony.

Mining pools were DDOSed for ransom back in the day. They just moved to a host that provided DDOS protection.


Title: Re: DDOS for ransom
Post by: Kris on September 19, 2012, 12:14:46 AM
I just think it's such a shame, that you have to hide behind all sorts of protection, even when you run a decent business in which people depend on to put food on their table.

On another site I have read that they use cloudflare resolver to figure the real IP. I could gather such a tool if you're interested, however, could be a fake soft though.

Thank you for bringing this to my attention. It seems I made the correct choice of building my own solution based on amazon ec2 implementation and applying custom firewall rules to prevent this DDoS.

My only regret is that I did not foresee the size of this attack as it caught me totally off guard.


Title: Re: DDOS for ransom
Post by: ErnestoJuarell on September 19, 2012, 12:38:40 AM
I just think it's such a shame, that you have to hide behind all sorts of protection, even when you run a decent business in which people depend on to put food on their table.

On another site I have read that they use cloudflare resolver to figure the real IP. I could gather such a tool if you're interested, however, could be a fake soft though.

Thank you for bringing this to my attention. It seems I made the correct choice of building my own solution based on amazon ec2 implementation and applying custom firewall rules to prevent this DDoS.

My only regret is that I did not foresee the size of this attack as it caught me totally off guard.
Any chance you could publish a blacklist?


Title: Re: DDOS for ransom
Post by: fm1234 on September 19, 2012, 12:45:18 AM
Assassination Market (http://en.wikipedia.org/wiki/Assassination_market)

The first time some chronic DDoSer, whether an extortionist, "political activist" or idiot script kiddie is found slashed from his groin to his solar plexus, 90%+ of people who have ever launched even a single attack will go find a new hobby.  

Been saying this for 15+ years about malevolent hackers; while society itself seems inclined to give them a free pass, I think that the fact that despite huge leaps in technology, no group has ever taken on a serious criminal organisation speaks volumes about what their real level of confidence against reprisals is.  


Frank


Title: Re: DDOS for ransom
Post by: Desolator on September 19, 2012, 05:07:50 AM
3 pages later, I bet this has been posted but tl;dr.  DDOS = a lot of PCs.  If they control them, couldn't they just use them all for mining instead of targeting them at a server for extortion? :P


Title: Re: DDOS for ransom
Post by: ErnestoJuarell on September 19, 2012, 05:22:04 AM
3 pages later, I bet this has been posted but tl;dr.  DDOS = a lot of PCs.  If they control them, couldn't they just use them all for mining instead of targeting them at a server for extortion? :P
CPU Mining is so worthless, even with a botnet of average PCs. You could make way more money by DDOSing or just stealing user info. There's already been Bitcoin mining botnets discovered.

Also, mining may slow the PCs down more which could potentially reveal to the user that they are infected or even drive them to get rid of the infection.


Title: Re: DDOS for ransom
Post by: WikileaksDude on September 19, 2012, 10:33:11 PM
3 pages later, I bet this has been posted but tl;dr.  DDOS = a lot of PCs.  If they control them, couldn't they just use them all for mining instead of targeting them at a server for extortion? :P
CPU Mining is so worthless, even with a botnet of average PCs. You could make way more money by DDOSing or just stealing user info. There's already been Bitcoin mining botnets discovered.

Also, mining may slow the PCs down more which could potentially reveal to the user that they are infected or even drive them to get rid of the infection.

This is true, even using botnets to mine it's not worth the time. DDOS and identity theft much more profitable.


Title: Re: DDOS for ransom
Post by: Vladimir on September 19, 2012, 11:41:17 PM
We do not negotiate with DDOS attackers. Simple really.


Title: Re: DDOS for ransom
Post by: paraipan on September 20, 2012, 12:15:34 AM
Prolexic has it covered...

https://i.imgur.com/3sBWv.png


Title: Re: DDOS for ransom
Post by: Desolator on September 20, 2012, 04:29:23 PM
How do people stop DDOS attacks anyway?  Is it like a separate box or proxy laid down in the chain of connected stuff that auto-ignores requests from any IP sending way too many requests at a much faster speed than the server could or something?


Title: Re: DDOS for ransom
Post by: capsqrl on September 20, 2012, 06:05:45 PM
BitPay is back from their DDOS now. Any information on whether they paid their way out, and if so, how much?


Title: Re: DDOS for ransom
Post by: jgarzik on September 20, 2012, 08:52:34 PM
How do people stop DDOS attacks anyway?  Is it like a separate box or proxy laid down in the chain of connected stuff that auto-ignores requests from any IP sending way too many requests at a much faster speed than the server could or something?

A lot of little strategies, rather than one big obvious fix.  DDoS typically involves flooding of some type of traffic.  A simple DDoS might be a flood of TCP/IP open-a-new-connection packets, designed to confuse and overload OS kernel networking software.  Other DDoS's are simply a massive amount of valid traffic, i.e. sending HTTP requests to compute-intensive script on the web server, over and over again, hundreds of thousands of requests per second.

Each DDoS is different.  The traffic sources may come from different parts of the world, originate from different ISPs.  They may originate from a criminal DDoS black market, where armies of "zombie" machines may be rented by the hour to perform DDoS attacks.

One thing is certain, though:  there is very little economic reason to pay DDoS ransoms, as that simply serves as a clear economic signal that you are a mark, and can possibly be taken for even more money.  Paying ransoms encourages further DDoS.  Criminal parasites don't need your business to be profitable and sustainable.

Typically a business will take unspecified technical steps themselves, or hire a security firm or DDoS-proof hosting firm to do it for them.

Sometimes it is possible to wait out a DDoS, but that's not realistic for most web businesses/services.  It could take weeks or months, as the cost of zombies is probably below the several-thousand-bitcoin payout that other thieves have seen in the bitcoin press headlines.
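
Added illustration (not code from any poster or from a real mitigation product) of the filtering box asked about above and of one of the "little strategies" in the reply: a per-source token bucket in which compute-intensive paths cost more tokens, replayed over a constructed request trace. The paths, costs, rates and IP addresses are assumptions chosen for the example.

```python
"""Per-source token-bucket rate limiter with per-path cost weighting.

Added example: paths, costs, rates and the request trace are constructed.
"""
from dataclasses import dataclass, field

# Assumed relative cost of serving each path: a compute-heavy script drains
# a client's budget faster than a static page does.
PATH_COST = {"/search.php": 5.0, "/index.html": 1.0}
DEFAULT_COST = 1.0


@dataclass
class Bucket:
    tokens: float
    last_seen: float


@dataclass
class RateLimiter:
    rate: float = 2.0     # tokens refilled per second, per source IP
    burst: float = 10.0   # bucket capacity (largest allowed burst)
    buckets: dict = field(default_factory=dict)

    def allow(self, ip, path, now):
        """Return True if the request should be served, False if dropped."""
        b = self.buckets.get(ip)
        if b is None:
            b = self.buckets[ip] = Bucket(self.burst, now)
        # Refill for the time elapsed since the last request, capped at capacity.
        elapsed = max(0.0, now - b.last_seen)
        b.tokens = min(self.burst, b.tokens + elapsed * self.rate)
        b.last_seen = now
        cost = PATH_COST.get(path, DEFAULT_COST)
        if b.tokens >= cost:
            b.tokens -= cost
            return True
        return False

    def evict_idle(self, now, idle_for=60.0):
        """Forget idle sources so the state table cannot grow without bound."""
        stale = [ip for ip, b in self.buckets.items()
                 if now - b.last_seen > idle_for]
        for ip in stale:
            del self.buckets[ip]
        return len(stale)


def replay(trace, limiter):
    """Run (timestamp, ip, path) records through the limiter, per-IP counts."""
    stats = {}
    for ts, ip, path in trace:
        served = limiter.allow(ip, path, ts)
        s = stats.setdefault(ip, {"served": 0, "dropped": 0})
        s["served" if served else "dropped"] += 1
    return stats


def build_trace():
    """Constructed trace: one normal visitor, one flooding source."""
    trace = []
    # Normal visitor: one page view per second for 10 s.
    trace += [(float(t), "192.0.2.10", "/index.html") for t in range(10)]
    # Flooding source: 50 requests/s against the expensive script for 2 s.
    trace += [(i / 50.0, "198.51.100.7", "/search.php") for i in range(100)]
    return sorted(trace)


if __name__ == "__main__":
    for ip, counts in replay(build_trace(), RateLimiter()).items():
        print(ip, counts)
```

Because a distributed flood spreads its requests over many sources, a per-source limit like this is one layer among several rather than a complete defence.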



Title: Re: DDOS for ransom
Post by: hashman on September 20, 2012, 09:53:15 PM
Ridiculous.  Walletbit? 
I thought gambling sites were always the best targets for would-be DDOS extortion thugs.
 


Title: Re: DDOS for ransom
Post by: Kris on September 22, 2012, 02:39:44 AM
I just think it's such a shame, that you have to hide behind all sorts of protection, even when you run a decent business in which people depend on to put food on their table.

On another site I have read that they use cloudflare resolver to figure the real IP. I could gather such a tool if you're interested, however, could be a fake soft though.

Thank you for bringing this to my attention. It seems I made the correct choice of building my own solution based on amazon ec2 implementation and applying custom firewall rules to prevent this DDoS.

My only regret is that I did not foresee the size of this attack as it caught me totally off guard.
Any chance you could publish a blacklist?

Sorry, I don't store many logs because of people wanting to be anonymous. So they are probably already overwritten. The important thing is that the service was running again after only 48 hours from Saturday to Monday, while still being DDoS'd