News websites offer bitcoin bounty over DDoS attacker

CryptoCoinNews and Hacked offer bounty of five bitcoins to catch blackmailer who is holding them to ransom with DDoS threat

In a ransom situation, is striking back the right response?
In a ransom situation, is striking back the right response?

Two websites have put up a bounty to catch criminals who targeted their websites with a DDoS attack and extortion attempt.

CryptoCoinsNews (CCN) and its sister-site Hacked are offering a five bitcoin reward for information that leads to the arrest of an extortionist targeting them with a distributed denial of service attack.

The criminal is not only threatening this attack but has also made a number of other threats to the websites. The extortionist, who goes by the name of “Jon”, sent an email to the publications demanding two Bitcoins to reveal ‘fatal security vulnerabilities' on the website while threatening to contact its advertisers to let them know the websites are down.

It was claimed by the criminal that he had access to a botnet intended for mounting DDoS attacks. The criminal launched an attack against the sites before emailing their demands. They said they were only using 20 percent of the botnet's capabilities to down the site. They added that if the payment was not forthcoming more attacks would be launched and the demand would increase to three Bitcoins.

Instead of being intimidated by the hackers, the sites increased their DDoS mitigation and decided to put out a five Bitcoin bounty on the attacker – worth about £1200 at current exchange rates.

"If you can help us identify the extortionists in a way that leads to a successful police report, you will receive five bitcoins, with gratitude," said Samburaj Das of CCN and Hacked in a posting on his website.

The publishers are requesting information on the attackers such as the attacker's ID, location, details of other attacks and any other relevant information.

Ian Trump, security lead at LOGICnow, told SCMagazineUK.com that while reward systems worked, he was concerned that when it comes to cyber-crimes, the criminal underground could be one step ahead of any reward system and use it to their advantage.

“For example, to take out their competition and increase their market share or to finance their activities. Therefore, the system would need to be monitored to ensure that it was not abused,” he said.

“A lot of cyber-crimes, especially DDoS attacks, are distributed thousands of miles away by compromised computers. Therefore, getting good intelligence on who is behind an attack and where they are located is a real problem. The level of intelligence and the assurance that would be required to be sure that you have got the right person, would to be extremely difficult. I think the intention of cash bounties is good, I'm just concerned whether it is a sensible way to go.”

Adrian Crawley, Radware regional director for Northern Europe, told SC that it might be better to invest in an appropriate defence infrastructure.

“The attackers, in most cases, are in countries where it will be very difficult to catch and arrest them. The ‘DDoS business' has a much bigger value compared to the bounty so it's doubtful this will lead to real success in catching attackers. Even if they catch one, it is unlikely to deter further attacks. The risk for them is still low as it is so easy to launch a DDoS attack today,” he said.

Dave Larson, chief operating officer at Corero Network Security, said the motivation for DDoS attacks can be wide ranging.

“Regardless of the motivations, this DDoS attack event highlights the need for a proactive defence woven into enterprise IT infrastructure, upstream hosting and internet service provider networks, in order to protect our growing dependence on online business and activity,” he said.

"Further, DDoS attacks are often used as a distraction technique for ulterior motives. They're not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defences, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” he added.

He said the collateral damage associated with successful DDoS attacks can be exponential. “When service providers lack proper protection mechanisms to defeat attacks in real-time, the costs associated with the outages are wide ranging and the impact to downstream or co-located customers can be devastating.”

Hervé Dhélin, worldwide marketing director at EfficientIP, said it's a good idea for people in IT to have an infrastructure in place that will absorb DDoS attacks and allow them to be ready in case an attack occurs.

“Commercial companies have to ensure business continuity and should always make sure they are proactive in dealing with attacks,” he said. “In an ideal situation, businesses will be ready so there's no need to decide whether they have to put out bounties under pressure.

“However, I think depending on the impact on the business, some will pay. Sharing data will assist law enforcers if they receive blackmail threats – this way it's always about the facts.” 

Sign up to our newsletters