DOCUMENT: Internet, Crime

FBI: U.S. Firms Targeted In Online Sabotage Plot

"Wide range" of businesses hit in DDoS campaign

Cybercrime

View Document

Batteries Plus DDoS

AUGUST 22--A wide range of U.S. businesses have been targeted in a campaign of electronic sabotage that appears to have been launched via malicious computer networks in Russia, according to the FBI.

An ongoing federal probe is examining a series of distributed denial of service (DDoS) attacks against the web sites of American firms. The electronic assaults--which have caused losses in excess of $600,000--swamped web sites with so many requests that they were left unavailable for legitimate visitors.

The FBI’s Cyber Crimes Task Force probe began late last year after agents learned that a pair of “botnets” were behind coordinated assaults on the e-commerce web sites of several firms selling batteries, including batteriesplus.com and batteries4less.com.

An analysis of the attacks revealed that the botnets--known as “Black Energy”--revealed that they “have conducted DDos attacks against a wide range of business located in the United States,” according to an FBI affidavit sworn by Agent Richard Bilson. The botnet “Command And Control” structure was traced back to a pair of “.ru” web domains (greenter.ru and globdomian.ru), both of which were being hosted by an Internet service provider in Romania.

While the FBI affidavit, excerpted here, does not address the motive for the DDos attacks, it seems likely that the bureau’s computer fraud investigation is examining whether a business competitor was somehow involved in trying to knock U.S. firms offline.    

Both Russian domains were registered last May by an individual using a Yahoo e-mail address. With the help of Ukraine’s Ministry of Internal Affairs (Department on Combating Cybercrime and Human Trafficking), FBI agents learned that the domains were subscribed in the name of Korjov Sergey Mihalivich, a 30-year-old St. Petersburg man.

Ukraininan investigators provided their U.S. counterparts with Mihalivich’s address, phone number, date of birth, and passport number.

As part of the federal probe, agents first issued a grand jury subpoena to Yahoo for subscriber information for the e-mail account ([email protected]). Investigators subsequently secured a search warrant for the entire contents of the account. It does not appear as if anyone has been arrested in connection with the ongoing federal investigation. (3 pages)