The FBI has requested that US victims of DDoS attacks share the details of the experience, regardless of the scale of attack or financial impact to the organization.
According to its statement, victims will be asked to share descriptions of losses incurred through the attack, as well as the traffic protocol and IP addresses used by the attack and “any extortion/threats pertaining to the DDoS attack.”
Claiming that DDoS “for hire” services, also known as booters or stressers, are considered a crime if they are used against a website without the owner’s permission.
“These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency,” the alert said.
“Criminal actors running booter and stresser services sell access to DDoS botnets, a network of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.”
The FBI has requested that DDoS victims contact their local FBI field office and/or file a complaint with the Internet Crime Complaint Center (IC3), regardless of dollar loss or timing of incident.
In May, the FBI was asked by the Federal Communications Commission to investigate a DDoS on its website, which was rumored to be linked to the satirical news program "Last Week Tonight", after host John Oliver encouraged viewers to flood the page with visits and comments after an article on net neutrality.
Kirill Kasavchenko, principal security technologist, EMEA at Arbor Networks, told Infosecurity: "It is good to see that FBI is encouraging DDoS victims to preserve and share collected evidence in available formats. The collected evidence in most cases is enough to make a firm judgment on whether the incident was a result of internal problem with hardware or software, a result of external problem, e.g. a service provider outage, or a real DDoS attack. In the latter case, providing this evidence not only allows law enforcement agencies to understand attack profiles and provide recommendations about improving defenses, but also, to some extent, it allows authorities to trace back infrastructure used by threat actors."
“We fully support recommendations to never pay demanded ransoms and we have been always advocating against paying to extortionists. Once a victim pays, there are absolutely no guarantees they will not be threatened again, however it is very likely that ransom will be invested into attacking infrastructure and new capabilities that at the end of a day will target broader range of victims with new threats.”
In a letter to then FBI acting director Andrew McCabe, five senators asked that the FBI “prioritize this matter and investigative the source of this attack” as “any cyberattack on a federal network is very serious”, closing with “This particular attack may have denied the American people the opportunity to contribute to what is supposed to be a fair and transparent process, which in turn may call into question the integrity of the FCC's rulemaking proceedings”.