DDoS Attack Investigation
A distributed denial-of-service (DDoS) attack is an attack on an online resource intended to suspend its operation or make it difficult to access. In addition to responding promptly to the client’s request and suppressing the DDoS attack, Group-IB’s experts offer investigative services that help affected companies identify the attackers and arraign them.
To assess whether an investigation is possible, only the data recorded on your equipment during the attack is needed. A preliminary analysis will reveal the territorial distribution of the network of infected computers (botnet) that attacked you, and the estimated location of the attack’s executor. Group-IB’s experts perform the following range of services related to DDoS attack investigation:
- assessing the botnet’s territorial distribution;
- searching for the botnet’s control center;
- acquiring evidence that a given botnet attacked your resources;
- establishing the identity and location of the person controlling the botnet;
- documenting and packaging all available information to be sent to law enforcement and judicial authorities.
During the preliminary stage of the investigation, the client will quickly be provided with a map of the botnet used in the attack. Since the executor of the DDoS attack may be a foreign citizen, this information should help the client assess the feasibility of further investigation when the attacker is physically located in another country.
If the attack is accompanied by extortion, our legal team will properly document this fact and use the collected information for the legal prosecution of the attacker. A correctly and thoroughly documented instance of extortion will always allow the attacker to be found more quickly.
During the investigation, Group-IB determines the identities and physical locations of the persons controlling the botnet or servers used in the DDoS attack. The identity of the attack’s initiator may only be determined after the successful identification of the executor. At the conclusion of all activities, the client is presented with a comprehensive report, which includes:
- restored event timeline;
- detailed descriptions of each step of the investigation with supporting materials;
- identity information of the DDoS attack executor;
- information on the executor’s physical location;
- recommendations for further legal proceedings against the perpetrators.
Based on the results of the investigation, the client may opt to engage our legal support team in order to begin legal proceedings against the established perpetrators. We always recommend employing our legal support services while investigating DDoS attacks. This ensures that the perpetrators are held responsible for the offenses committed and makes compensation for damages highly probable, which significantly reduces financial and reputational risks.
Each DDoS attack investigation requires an individualized approach, although the goal is always the same: to identify the persons responsible and arraign them. As a result of the DDoS attack investigation performed by our experts, you will receive:
- The ability to seek compensation for damages. Compensation for damages is only possible when the perpetrator has been identified. The main aim of the incident investigation is to find the persons responsible, determine their location, and arraign them.
- The restoration of justice and reputation. Identifying the perpetrators allows for bringing them to justice, and, consequently, restoring justice and reputation in the eyes of your partners and competitors.
- Identification of an unfair competitor. DDoS attacks are often used as a means of unfair competition. It’s important to know your enemy. Identifying the attack’s executor will also reveal the attack’s source of financing.
- Strengthening of your image. Bringing the perpetrators to justice makes your assets unattractive attack targets. Your partners will be certain that you are ready to protect their interests, as well as your own.
- Reduction in the costs of conducting your own investigation. Incorrectly collected evidence, faulty preliminary findings, inadequate documentation, and improper contact with law enforcement lead to increased costs and loss of valuable time. Engaging an independent team of professionals allows you to avoid critical errors which occur when conducting your own investigations.
- Impartiality and reliability of the data. Unique methodologies, updated databases, and knowledge of the specifics of computer crime guarantee the speed, reliability, and comprehensiveness of the obtained data regarding the perpetrators. The involvement of independent experts ensures the impartiality of the data, even in cases involving internal staff.
- Properly executed documentation. The information collected during the course of the incident investigation is documented in accordance with the applicable laws, guaranteeing that the resulting evidentiary base will be reviewed and approved by law enforcement and judicial authorities.