FBI reveals $600,000-plus Russian DDoS sabotage plot

According to The Smoking Gun newswire, the FBI is investigating a series of DDoS attacks against a number of key businesses with an online presence, generating losses of more than $600,000.

The newswire says that the FBI’s Cyber Crimes Task Force investigation started late last year after its agents learned that a pair of botnets were behind coordinated assaults on the e-commerce web sites of several firms selling batteries, including batteriesplus.com and batteries4less.com.

An analysis of the attacks revealed that the 'Black Energy' botnets have been scanning and DDoS-ing a number of businesses, with command-and-control servers located in Romania at greenter.ru and globdomian.ru, says the newswire, adding that both domains were registered in Russia last May.

“With the help of Ukraine’s Ministry of Internal Affairs (Department on Combating Cybercrime and Human Trafficking), FBI agents learned that the domains were subscribed in the name of Korjov Sergey Mihalivich, a 30-year-old St. Petersburg man”, notes The Smoking Gun.

Commenting on the reports, Jeff Edwards, a research analyst with Arbor Networks, said that the Black Energy botnet spent about a week attacking the websites of four different online retailers specialising in horse saddles and related gear.

“The week before that, the same botnet was going after three different online merchants of skin care products. And the week before that, it was attacking three different vendors of 'Ed Hardy' brand clothes”, he said.

“This botnet - like others powered by Black Energy - seems to operate in week-long cycles in which they attack a particular set of companies affiliated with the same segment of industry or commerce”, he added.

Edwards went on to say that Arbor has seen this pattern in all kinds of different market segments, including power tools, online pharmacies, online sportsbooks, accountants and wheelchair vendors. Whilst his team has not spent its resources digging that deeply into the motives behind the attacks, “one (unproven) conjecture is that the botmaster rents out his botnet to people who want to slow down the online competition.”
