Caught a hacker, put "Habrahabr" using DDoS

Extortionist attacked many sites of the Runet this spring

The Khoroshevsky Court of Moscow sentenced a Togliatti resident to 2.5 years ’imprisonment, reports TASS . Also, the hacker will have to pay a fine of 12 million rubles to the injured parties on account of damages. The attacker extorted money from several Russian sites, including Habrahabr, Rutreker, Freelance, and Tinkoff Credit Systems Bank.

Since March 25, 2014, several popular Runet resources have undergone DDoS attacks, which led to interruptions in work. Responsibility assumed grouping Pump Water Reboot . Communicating with hackers took place publicly - through the Twitter microblogging service account, which gave the group a special swagger.

On the morning of March 27, under the attack slave " Habrahabr ." At that time, the site was not yet divided into two resources, so the productivity in offices has increased .

Start attack on habrahabr.ru

- Pump Water (@PumpWaterReboot) March 26, 2014

The attack power was 20 Gbps.

From the night #habr and all TM projects under 20GB / ddos

- Denis Kryuchkov (@deniskin) March 27, 2014

The system administrator "Habrahabra" recalls how it was:
')

At night, incoming UDP traffic came to uplink, immediately scoring external channels. When we sent the attacked addresses to the blackhole, a fan attack began on the subnet (or rather, on all subnets detected by the intruder). Thus, the attacker put our backbone. During the night, we replaced almost all the blocks of IP addresses, and then allowed traffic through Qrator. Along the way, we found several architectural vulnerabilities that were fixed. When I returned to service, I do not remember, in my opinion, for dinner the next day.

It is reported that employees of the "K" Department of the Ministry of Internal Affairs of Russia went to the organizer of the attacks in July of this year. The latest posts in the @PumpWaterReboot account are dated April 14th.

The hacker group organized DDoS attacks on the websites of Rutracker , three Russian banks, news agencies, print media, telecommunications companies and even Kaspersky Lab.

The attacker was a 19-year-old student of the faculty of information security. His real name is not reported. During the search at his place of residence, computer equipment, mobile phones, information carriers and other objects testifying to illegal activities were found and seized.

Judging by the tweets and police reports, Pump Water Reboot demanded a thousand dollars for stopping DDoS.

@deniskin DDoS-attack is conducted on you. To stop it you have to pay us $ 1,000.

- Pump Water (@PumpWaterReboot) March 27, 2014

At the end of March, the creator of “Habr” Denis Kryuchkov expressed hope that they would catch the intruders.

The attack began at night. In addition to this message on Twitter, 1000 bucks did not ask for anything. The Qurator guys say that the handwriting and attack pattern is similar to the attack on the Tinkoff Bank. Who it was - the devil knows. As far as I know, the guys from Group-IB are already looking for them. Hope to find.

It's funny that Oleg Tinkov answered the hacker in his usual manner.

Six months ago, @PumpWaterReboot alone also went against us and wrote to us, for 6 months already in the SIZO, I wanted to hang myself. The young guy is 26 years old, sorry

- Oleg Tinkov (@olegtinkov) March 25, 2014

DDoS (Distributed Denial of Service) is a type of attack on network resources associated with the overload of their computing power and connection channels with a large number of requests from multiple computers, which makes protection difficult. In practice, this is often expressed in sending a large number of requests from botnet computers to the server being attacked, which leads to its overload. Both the attack itself and the defense against it are not cheap.