hi jean-f

On 12/08/15 at 11:46pm, Jean-Francois Mezei wrote:
> Since the OP mentioned a "ransom" demand (aka: extortion), should law enforcement be contacted in such cases ?
simply saying "these bozos are attempting to extort $100 from me" with their email demands probably will not get law enforcement's attention

yes ... only after you have done everything you can and are ready to take the attackers to court but need law enforcement to haul them into court and/or seize their computers for evidence

- (ntpdate/ntpd) sync your clock so that your logs have accurate time
- check the ip# of the email servers and routers it came thru
  you may or may not need to worry about spoofed ip# since they want you to get hold of them to give them the $$
- contact abuse@-the-ISP for each of those routers and servers
- traceroute the IP# of the mail servers
- "whois IP#" and contact each of the ISPs
- contact the ISPs that provide connectivity to your "drop off point" of where you're "supposed to pay up"
  ... we're assuming that the dropoff point is NOT controlled/owned by the ddos attackers
- since you know what time/date/etc they threaten to attack, you should verify your data on the backup systems ( build a clone and keep it offline )
  everybody ( you, the ISP, cops, etc ) can all be watching the DDoS attacks and tracing it back to the originating script kiddie or the entire extortion network
  you should also get secondary connectivity to watch the DDoS attacks in progress and trace it back to the originating source
  let them attack ( the honeypot ) so you can trace it back...
  tarpit all the tcp-based services so that you have 2 minutes to trace the attacks back to them ... they cannot "hang up" until the tcp connection attempts time out
- when everything is set up ... tell the DDoS attackers the $$$ is ready for pickup and watch the DDoS attackers attempt to collect the $$$ that doesn't really exist
> Is there any experience doing this ?
yup...
> Are they any help ?
nope if you don't have the info they want

see ... you should make it easy for them to take action to get court orders to haul them in

yup ... if the cops are trying to collect evidence "on the DDoS attackers" you'd be in luck

yup ... if the DDoS attackers are large enough and/or if they're attacking the high profile victims
> In North america, would that mean FBI in USA and RCMP in Canada, or local police force which then escalates to proper law enforcement agency ?
escalation starts with you to provide all the necessary info ... nobody else will be doing that work for you

get hold of the security dept of your ISP and any other ISP along the traceroute and whois IP# way back to the DDoS attackers

ISPs probably have their favorite agents they like to work with to chase down the xxx-most-wanted DDoS attackers

magic pixie dust
alvin
# DDoS-Mitigator.net
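Added example, not part of alvin's post or of DDoS-Mitigator.net: a Python script for the "check the ip# of the email servers and routers it came thru" step. It walks the Received headers of a constructed extortion mail newest hop first, marks which hops were written by your own MTAs (the only ones you can trust; below the first foreign hop the sender can forge whatever it likes, which is the spoofing caveat above) and returns the routable source IPs to run through whois and abuse@ contacts. The sample headers, the victim MTA mail.victim.example and the own_hosts set are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample of an extortion mail's headers (not from the thread); the
# victim MTA mail.victim.example and the other names/addresses are assumptions.
SAMPLE_EMAIL = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.7])
\tby mail.victim.example (Postfix) with ESMTPS id 4ABC123
\tfor <ops@victim.example>; Mon, 10 Aug 2015 22:11:03 +0000
Received: from relay.example.org (relay.example.org [198.51.100.23])
\tby mx2.example.net with ESMTP; Mon, 10 Aug 2015 22:10:58 +0000
Received: from [192.168.1.5] (unknown [10.0.0.9])
\tby relay.example.org with SMTP; Mon, 10 Aug 2015 22:10:40 +0000
"""
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)
# Filtered by hand: ipaddress.is_global would also reject the sample's documentation ranges.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def _routable(s):
    try:
        ip = ipaddress.ip_address(s)
    except ValueError:            # e.g. 999.1.2.3 still matches the regex
        return False
    return not any(ip in net for net in INTERNAL)

def received_hops(raw, own_hosts):
    """One dict per Received header, newest first. A hop is 'trusted' only while it and
    every header above it were written by own_hosts; anything below may be forged."""
    msg = email.message_from_string(raw)
    hops, trusted = [], True
    for hdr in msg.get_all("Received", []):
        hdr = " ".join(hdr.split())                # unfold the header
        by_host = next(iter(BY_RE.findall(hdr)), "").lower()
        trusted = trusted and by_host in own_hosts
        from_part = hdr.split(" by ", 1)[0]        # only the "from ..." clause
        ips = [ip for ip in IP_RE.findall(from_part) if _routable(ip)]
        hops.append({"from_ip": ips[0] if ips else None,
                     "by": by_host, "trusted": trusted})
    return hops

def abuse_targets(raw, own_hosts):
    """Distinct routable source IPs for whois / abuse@ contact, with trust flag."""
    out = []
    for hop in received_hops(raw, own_hosts):
        if hop["from_ip"] and hop["from_ip"] not in [t[0] for t in out]:
            out.append((hop["from_ip"], hop["trusted"]))
    return out
```

Run it on the raw source of the real message with own_hosts set to your MTAs' hostnames as they appear in the "by" clause; only the trusted entries are worth a traceroute, the rest still get a whois but may be noise the sender planted.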