Bitcoin Forum
November 18, 2017, 08:58:18 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: DDOS for ransom  (Read 4690 times)
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736

Let's talk governance, lipstick, and pigs.


View Profile
September 16, 2012, 05:36:26 AM
 #1

http://bitcoinmagazine.net/walletbit-under-ddos-1000btc-demanded/
DDOS extortion for a Bitcoin ransom could be the next big crime wave. I am sure that DDOS attacks are illegal to begin with, they take on a new dimension with extortion for a significant amount of money. Depending on whether or not Bitcoin is considered money, this could mean that law-enforcement agencies may be looking at a new threat vector with cyber-crime.

No longer are DDOS attacks done out of politically driven protest, they are now in the business of racketeering.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1510995498
Hero Member
*
Offline Offline

Posts: 1510995498

View Profile Personal Message (Offline)

Ignore
1510995498
Reply with quote  #2

1510995498
Report to moderator
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736

Let's talk governance, lipstick, and pigs.


View Profile
September 16, 2012, 05:49:31 AM
 #2

Perhaps this is where vigilantism will respond. I wonder what some individual might do to a known DDOS attacker for 1K BTC if it was anonymously offered? This will be interesting to see how it unfolds.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
September 16, 2012, 06:08:01 AM
 #3

It doesn't seem like it would work.

You pay and they continue... then what?

If the DDoSer linked themselves to a psudo-identity they could build a rep for not doing that.

But it's still ridiculously unstable because once you pay you are a better target. Oh, n/m about the psudo-identity, they can just pretend to be someone new DDoSing you.

Odd to me that they would try for such a high amount in this case. Without knowing much about WalletBit it makes me wonder if the ransom is just weak cover for someone doing it out of spite.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736

Let's talk governance, lipstick, and pigs.


View Profile
September 16, 2012, 06:16:23 AM
 #4

Why pay the ransom at all? Why not offer an anonymous bounty to have someone pay a friendly visit to the attacker's home? That would make the attacks stop permanently. I'm not saying that they should, but the attacker needs to think about the repercussions of their actions.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
thebaron
Sr. Member
****
Offline Offline

Activity: 434



View Profile
September 16, 2012, 06:18:51 AM
 #5

Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
September 16, 2012, 06:31:11 AM
 #6

They should offer a 200btc reward on the attackers heads  Cheesy

jgarzik
Legendary
*
Offline Offline

Activity: 1470


View Profile
September 16, 2012, 08:52:18 AM
 #7

This is sadly already common in the poker world, HYIP forums, etc.  It was only a matter of time Sad

I think somebody has already tried DDoS+ransom on MtGox, a while ago, IIUC.


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Ascholten
Full Member
***
Offline Offline

Activity: 155


View Profile
September 16, 2012, 11:56:38 AM
 #8

If I am going to DDos you I am not going to do it from my own house.  The attack is also going to come from many sources too, hence the second D in DDOS.

With as many stupid people out there with unsecured systems, it's way too easy to set up an army of zombies to do ones bidding, it would be very hard at very best to track an individual like this down unless they were stupid enough to brag about doing the attack.

Aaron

Bit Visitor      You view the page / ads and get paid. 
Coin Tube    You watch videos and get paid.
Ichthyo
Hero Member
*****
Offline Offline

Activity: 602


View Profile
September 16, 2012, 02:11:20 PM
 #9

It doesn't seem like it would work.

You pay and they continue... then what?

indeed, thats what I'd expect to happen.


Then, after some time, the victim happens to encounter a friendly and helpful person with lots of connections
into "the scene", which points out (s)he can figure out who is behind those attacks and maybe help the victim
stopping them discretely for a way smaller "fee"....

Maybe it goes on even more subtle, along the lines that the victim just ends up doing "business" with the "angle",
you know, that kind of business which is more profitable for the "angle" and more risky for the victim. Surprisingly,
since the victim engaged into that business, those attacks will cease....


And the fun fact is: suddenly all those state-haters and freedom lovers start yelling for law enforcement
CJGoodings
Full Member
***
Offline Offline

Activity: 154



View Profile
September 16, 2012, 02:12:53 PM
 #10

This is nothing new, pool operators receive these type of threats all the time. Nobody pays, and the ddos waves hit the shore.
hxtop
Hero Member
*****
Offline Offline

Activity: 735


The Chinese Bitcoin websites: www.hxtop.com


View Profile WWW
September 16, 2012, 03:19:32 PM
 #11

May be speculation, because of recent hacker attacks too much, and too regularly, you feel it

Welcome to chinese bitcoin website: http://www.hxtop.com  ;I am planing for bitcoin business in china,if you interesting mail me:swemp@qq.com or skype: swemp.chen QQ:970617
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736

Let's talk governance, lipstick, and pigs.


View Profile
September 16, 2012, 03:25:03 PM
 #12

I actually think that DDOS attacks on Bitcoin financial and mining sites will continously escalate as Bitcoin itself grows. I suggest that countermeasures be developed (for law enforcement use, of course) to track down attackers. Also, Bitcoin sites will need to develop new hardening and stealth (decentralization) technologies to defend against attack.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
finkleshnorts
Sr. Member
****
Offline Offline

Activity: 336



View Profile
September 16, 2012, 03:53:37 PM
 #13

Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.

I'd take them.
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736

Let's talk governance, lipstick, and pigs.


View Profile
September 16, 2012, 03:56:21 PM
 #14

Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.

I'd take them.
In America, they don't have Internet access in prison.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
scintill
Sr. Member
****
Offline Offline

Activity: 448


View Profile WWW
September 16, 2012, 05:19:53 PM
 #15

Again, even if they pay, in a high profile case like this it's going to be hard to find places to spend those Bitcoins because of their traceability.

I'd take them.
In America, they don't have Internet access in prison.

Anyone got mnemonics/short hand or something that would allow a person to create and sign transactions in prison?  Then send them out to someone you can trust enough to broadcast to network (but perhaps not enough to keep your private keys.)

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
thebaron
Sr. Member
****
Offline Offline

Activity: 434



View Profile
September 16, 2012, 05:48:51 PM
 #16

Anyone got mnemonics/short hand or something that would allow a person to create and sign transactions in prison?  Then send them out to someone you can trust enough to broadcast to network (but perhaps not enough to keep your private keys.)

Tattoo's.
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
September 16, 2012, 05:54:10 PM
 #17

http://bitcoinmagazine.net/walletbit-under-ddos-1000btc-demanded/
DDOS extortion for a Bitcoin ransom could be the next big crime wave. I am sure that DDOS attacks are illegal to begin with, they take on a new dimension with extortion for a significant amount of money. Depending on whether or not Bitcoin is considered money, this could mean that law-enforcement agencies may be looking at a new threat vector with cyber-crime.

No longer are DDOS attacks done out of politically driven protest, they are now in the business of racketeering.

I remember reading an article on online casinos that have this problem.  The criminals did not ask for bitcoins, just USD by wire transfer like through western union.

Could not find the original article, but here is another one:
http://www.blackjackchamp.com/casino-news/15733-online-gambling-sites-face-extortion/

Introducing constraints to the economy only serves to limit what can be economical.
Draino
Full Member
***
Offline Offline

Activity: 168



View Profile
September 16, 2012, 06:24:12 PM
 #18

i don't understand the logic here very well

i think principle would tip the edge for taking a beating, rather than handing over money, since income is being crippled either way
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1358


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
September 16, 2012, 06:28:22 PM
 #19

http://bitcoinmagazine.net/walletbit-under-ddos-1000btc-demanded/
DDOS extortion for a Bitcoin ransom could be the next big crime wave. I am sure that DDOS attacks are illegal to begin with, they take on a new dimension with extortion for a significant amount of money. Depending on whether or not Bitcoin is considered money, this could mean that law-enforcement agencies may be looking at a new threat vector with cyber-crime.

No longer are DDOS attacks done out of politically driven protest, they are now in the business of racketeering.

If nothing else, over time, this will encourage those developing infrastructure and network protocols to evolve the internet to have abilities to rapidly mitigate them.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
September 16, 2012, 06:35:33 PM
 #20

i don't understand the logic here very well

i think principle would tip the edge for taking a beating, rather than handing over money, since income is being crippled either way

It's a pointless game that has been played out many times against bitcoin services and is not new for the rest of internet exposed businesses. As you say it is much better to jsut ignore them and tighten up your anti ddos measures.

Not to mention the longer they maintain a ddos the more likely they are to get caught. Its only a matter of time before their c&c is given up by one of the zombies and they are found or shut down from there.

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!