Feds Indict Sudanese Men Who Allegedly Ran DDoS Ring

The Anonymous Sudan group targeted the FBI, DoD, Microsoft, and hospitals.

The Department of Justice has unsealed an indictment against two men who allegedly ran the Anonymous Sudan entity that claimed credit for a long list of DDoS attacks, including a number that targeted U.S. government agencies, medical facilities, and critical infrastructure facilities in the U.S.

The two men, Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer, are Sudanese nationals. Each is charged with one count of conspiracy to damage protected computers, and Ahmed Salah is charged with an additional three counts of damaging protected computers. The indictment was handed down in March, but the Justice Department unsealed it only this week and also seized the attack infrastructure the two men allegedly used. The document describes a highly active group that performed hundreds of DDoS attacks and also sold access to the tools.

“Members of Anonymous Sudan conducted DDoS attacks using tools called, at various times, “Godzilla Botnet,” “SkyNet,” and “InfraShutdown.” These tools relied upon large numbers of proxy devices, which relayed attack commands and associated network traffic from Anonymous Sudan’s command-and-control server to the victim computers,” the indictment says. 

“Members of Anonymous Sudan also claimed to conduct computer compromise and data theft attacks and would extort victims for the return of the data or offer to sell the data to third parties. Members of Anonymous Sudan also claimed to similarly extort some of their DDoS victims in exchange for cessation of the DDoS attacks.” 

When it comes to cybercrime, targeting U.S. government agencies and critical infrastructure facilities is a career-limiting move. The DoJ and FBI tend to take a dim view of that kind of activity and have demonstrated repeatedly that they have the resources to identify and track down ransomware actors, phishing crews, and other cybercriminals. Among the victims of DDoS attacks from Anonymous Sudan are Cedars-Sinai Medical Center in Los Angeles, which was forced to close its emergency department as a result, as well as the FBI itself and the Department of Defense.

“The FBI’s seizure of this powerful DDoS tool successfully disabled the attack platform that caused widespread damage and disruptions to critical infrastructure and networks around the world,” said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office. “With the FBI’s mix of unique authorities, capabilities, and partnerships, there is no limit to our reach when it comes to combating all forms of cybercrime and defending global cybersecurity.”

As part of the operation, the FBI seized the servers used to launch and relay the DDoS attacks, as well as the accounts that contained the source code for the attack tools.