The Sleuths are always looking for cyber attacks forHire Services
Big Pipes: What Happens When Booters Get Left Behind? The Big Trouble comes at a Time: Back at Nixon, Peterson, and Back
Big Pipes detectives have tracked, measured, and ranked the output of zombie services that allow their customers to attack enemies with disruptive floods of data. Private sector members of the group dig up leads that they relay to the group’s law enforcement agents and prosecutors. Together, they worked to initiate a takedown operation in December 2018 that led to the arrest of three hackers and knocked a dozen booter services offline. Six people were arrested and 49 websites were taken down as the result of the work they did last December, in the biggest bust of its kind.
Four months after the group launched a project called Power Off, yesterday’s revelations suggest operations may be speeding up. The leader of a security research team at Cambridge University says that Big Pipes is still watching the booters, which is a big deal. “We’re hoping that some of the people who were not taken down in this round get the message that perhaps it’s time they retired,” says Clayton. If you weren’t seized this time, you could conclude you pushed up your chance of being investigated. You might not want to wait and see what happens.”
At the Slam Spam conference in Pittsburgh in 2014, Allison Nixon met with the FBI agent who was involved in the Game Over Zeus case and that is when the idea for Big Pipes was born. Nixon suggested to Peterson that they collaborate to take on the growing problem of booter services: At the time—and still today—hackers were wreaking havoc by launching ever-growing DDOS attacks across the internet for nihilistic fun, petty revenge, and profit, increasingly selling their attacks as a service.
In some cases, attackers would use botnets of thousands of computers infected with malware. In others, they’d use “reflection” or “amplification” attacks, exploiting servers run by legitimate online services that could be tricked into sending large amounts of traffic to an IP address of the hackers’ choosing. When choosing a booter service, an avid game player might choose to pay a fee for a subscription that would allow them to hit their rivals with multiple attacks. Those DDOS techniques frequently caused serious collateral damage for the internet service providers dealing with those indiscriminate floods of traffic. In some cases, DDOS attacks aimed at a single target could take down entire neighborhoods’ internet connections; disrupt emergency services; or, in one particularly gruesome case, break automated systems at a chicken farm, killing thousands of birds.
Bad Magic: How big are targeted attacks? Santos, a researcher with Malwarebytes, discusses the findings of a recent investigation
“We were surprised about how big these targeted operations were, and they were able to gather a lot of information,” says Roberto Santos, a threat intelligence researcher at Malwarebytes. The investigation began with the help of a former colleague, who first identified Red Stinger activity. The fact that they were getting real microphone recordings from victims and data fromusb drives is unusual, even past targeted surveillment.
Researchers from the security firm Kaspersky first published about Operation 5 in late March, naming the group behind it Bad Magic. Kaspersky similarly saw the group focusing on government and transportation targets in eastern Ukraine, along with agricultural targets.
“The malware and techniques used in this campaign are not particularly sophisticated, but are effective, and the code has no direct relation to any known campaigns,” Kaspersky researchers wrote.
In the past it’s happened with different attackers that they have the same disease. They were undetected since 2020, so they got lazy.
