A short interview with one of December’s most active DDoSer. On December 27, Coinbase, a Bitcoin exchange market and wallet service, and on December 28, Blockchain.info, another similar service, suffered DDoS attacks that brought some of their servers offline.
The attacks were carried out by two hackers, An0CBR and L7, who also seem to have participated in the DDoS attacks against the Steam network.
While many hacking outfits tweeted that they were responsible for the attack, most of them mysteriously deleted their tweets the days following the Steam DDoS, leaving only the An0CBR and L7 messages, which also seem to coincide with the moments when the Steam Store started to experience problems.
An0CBR: I attack Bitcoin sites on the regular
We got in contact with one of the hackers, An0CBR, and had a quick talk about what really happened, since he seemed to have had quite a busy holiday season.
“Yes, I attack Bitcoin sites on the regular,” said An0CBR to Softpedia. “Sometimes I get paid and other times I don’t like the website, so I cause havoc. I’ve carried out attacks on websites and have not claimed it publicly. A few days ago Blockchain[.info] was down. That was me.”
Most of the time An0CBR’s attacks are only his own, sometimes he’s joined by L7, but his Twitter timeline reveals quite a collection of targets.
He was behind attacks against PayPal on Cyber Monday, the BBC, Tumblr, PornHub, and various news sites. By the number of times he said “I smoke the loud” in his tweets and DMs, some tomfoolery may be involved, but some attacks have a serious tone as well and are definitely part of a bigger agenda.
You don’t need a big cannon, you just need to know where to aim it
Sometimes we get fooled by reports from cyber-security firms that claim to see regular DDoS attacks of 100+ Gbps. What we don’t realize is that there are five to ten of these attacks per year, and most of the times nobody claims responsibility for them, being state-sponsored.
All the damage done this past month by An0CBR was carried out with far fewer resources.
“I am using Medusa IRC malware. I used 1K Windows machines to down Coinbase and Steam,” An0CBR told Softpedia. “Actually, I’ve downed Coinbase with 100 machines.”
All of these allow him to launch 10Gbps attacks using Layer 4 UDP. But he didn’t use Layer 4 attacks. An0CBR said that all attacks that downed all the aforementioned services were carried out via Layer 7, but didn’t want us to list his capabilities for these types of attacks.
From a tweet sent out on November 30, the PayPal attack was actually a test run of his newly acquired botnet. A few days later, his friend L7 also posted a YouTube video of one of the attacks on Steam from the start of December. That’s about where their social media presence ends. Unlike many other hackers, they seem to tweet very rarely and aren’t that preoccupied with having their names etched in Steam lore like LizardSquad did.