Cyber Incident Victim: Ukrainian ISP
Date: Jan 2020
Location: Ukraine
Summary
A 16-year-old individual in Odessa launched distributed denial-of-service (DDoS) attacks against a Ukrainian internet service provider after it refused his extortion demand for subscriber data. The sustained attacks disrupted the ISP's network operations, prompting law enforcement involvement. Cyber police traced and arrested the suspect, seizing devices containing DDoS tools and credentials linked to multiple hacker forums. Authorities confirmed the attacker's motive was to obtain specific customer information, though the target subscriber's identity remained undisclosed due to the ongoing investigation. The suspect faces potential imprisonment under Ukraine's criminal code for the cyberattacks but was not charged for the attempted extortion. This incident reflects broader patterns of DDoS threats targeting ISP infrastructure to coerce unauthorized data access.
Description
In late 2019, a 16-year-old male from Odessa, Ukraine, launched distributed denial-of-service (DDoS) attacks against a local internet service provider after the company refused his demand to disclose subscriber information. The attacker's objective was to obtain personal data on a specific ISP customer through extortion. When the ISP declined to comply, the teenager deployed a DDoS botnet that overwhelmed the provider's network infrastructure with malicious traffic, causing significant service disruption. The attacks were sufficiently severe to degrade network operations, prompting the ISP to contact Ukrainian law enforcement authorities for assistance. This incident marked a deliberate attempt to compromise critical telecommunications infrastructure for personal data acquisition rather than financial extortion or ideological motives commonly associated with such attacks.

Ukrainian cyber police initiated an investigation that culminated in the suspect's arrest in Odessa during January 2020. Law enforcement officers executed a search warrant at the teenager's residence, seizing computing devices that forensic examination linked to the DDoS campaign. Preliminary analysis of the equipment revealed specialized software used to coordinate denial-of-service attacks and credentials for approximately 20 accounts on underground hacker forums. Authorities charged the individual under Ukraine's criminal code provisions related to unauthorized interference with computer networks, which carries a maximum penalty of six years' imprisonment. No charges were filed regarding the attempted data extortion due to evidentiary or procedural considerations. The investigation remained ongoing at the time of reporting, with officials withholding specifics about the targeted subscriber and the duration of network outages. This case reflects a broader pattern of DDoS attacks disrupting national ISPs, with comparable incidents documented in Liberia, Cambodia, and South Africa involving either high-volume botnets or subnet-targeting techniques.
