DDoS Protection , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development

Police: DDoS Provider Targeted Google, Pokemon, Skype

British Man Charged With DDoS Disruptions, Selling Malware and 'Crypters'
Police: DDoS Provider Targeted Google, Pokemon, Skype
The Birmingham Magistrates' Court in Birmingham, England. (Photo: Elliott Brown via Flickr/CC)

A 21-year-old man appeared in British court this week to face charges related to a number of cybercrime offenses, including helping to disrupt high-profile websites.

See Also: Inside Matrix and Emotet: How They Work, and How to Defend

Alex Bessell, from Liverpool, England, was accused of earning more than $700,000 (£530,000) since 2011 by selling malware as well as "crypters" that are designed to repack malware to better evade anti-virus software scanners.

Bessell has also been accused of infecting and controlling more than 9,000 "zombie" PCs and using them "to orchestrate distributed denial-of-service attacks on firms like Skype, Pokemon and Google in an attempt to crash their online operations," according to police.

After he appeared in court on Monday, a judge ruled that Bessell's case would be transferred to crown court, where he's due to appear later this month. In England, most cases begin in magistrates' court, but more serious cases often get transferred to crown court.

DDoS Charges

Bessell faces 11 charges, including unauthorized access to computers, impairing the operation of computers, making and supplying malware and money laundering, law enforcement officials say.

The charges were filed following an investigation conducted by cybercrime detectives at the Regional Organized Crime Unit, or ROCU, for England's West Midlands region, based in Birmingham.

While the list of charges against Bessell released by police do not explicitly accuse him of functioning as a DDoS-as-a-service provider, that is often how DDoS disruption capabilities get monetized (see FBI to DDoS Victims: Please Come Forward).

Web Business: Aiobuy

Police say Bessell has also been accused of "setting up the web business 'Aiobuy'" as well as making false statements to Companies House, which is the United Kingdom's registrar of companies.

On March 20, 2015, Bessell incorporated "Aiobuy" via Companies House. But after receiving a warning in June 2016, the company was dissolved in August 2016 via a "compulsory strike-off." Unlike a voluntary strike-off, in which a company's directors typically will apply to Companies House to close down their company, a compulsory strike-off means it has been initiated by authorities, perhaps because a firm has not paid its taxes or other creditors.

It's not clear just what services Aiobuy might have offered or if the firm helped Bessell amass his alleged earnings.

But in March 2015, a new user with the handle "AlexTM" announced to the Bitcoin Forum site's project development section the launch of "an autobuy service called aio-buy" at the "aiobuy.net" domain.

Post on March 15, 2011, by "AlexTM" to Bitcoin Forum announcing the launch of "an autobuy service called aio-buy."

"What this website does is allow you to sell your product, no matter what it is. We enable you to sell files that will be sent to the customer after he has made his purchase, .netseal programs that will also be sold automatically, the code and download link will be sent to the client after he purchases. We also allow you to sell your codes, [so] once the customer purchases he gets sent one of the codes or logins you have added to my system," AlexTM posted.

On May 29, 2015, meanwhile, a user with the handle "AlexTM" posted to a hacker-focused social network called Hack Forums announcing that an instant payment notification feature had been added to Aiobuy (see 13 Scenes from an Irish Cybercrime Conference).

Hack Forums post by "AlexTM" on May 29, 2015, announcing the addition of an instant payment notification feature to Aiobuy.

In a potential clue as to the money laundering charges filed against Bessell, by May 2016, AlexTM claimed to have processed more than $5 million in transactions via the Bitcoin Forum.

AlexTM claimed in a Bitcoin Forum post on May 17, 2016, to have processed more than $5 million in transactions via the AIO-Buy service.

Service: DefensiveServers.com

Advertisment for DefenseServers.com posted to Hack Forums.

AlexTM's Hack Forums biography also listed "DefensiveServers.com" as being one of his sites. The holder of that domain name's registration has been obscured via a domain-privacy site.

But a post to Hack Forums dated Aug. 25, 2015, lists the site as providing shared hosting, VPN and reverse proxies among its services and also lists multiple testimonials. One reads: "Alex is a nice person and I love his services. I defnitely [sic] recommend dealing with him."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.