Security Engineer Sentenced to 3 Years in Prison After DDOSing China Bitcoin Exchanges For 66 BTC
7 November 2017 Beijing-Pan, a network security engineer, hired Russian hackers to DDOS several bitcoin exchanges in China on the darknet. Then he blackmailed these exchanges, demanding bitcoins to stop the attack. On 27th Oct ,2017, he was sentenced to 3 years in prison with a fine of 5,000 yuan in Beijing.
The is the first bitcoin-ransom case that is prosecuted in China.
Pan originally worked as a security engineer in Guizhou Branch for a famous network security company. His daily work is to provide network security services to customers and he has many years of network security experience.
The report reveals that Pan’s motive to DDOS these exchanges simply out of “economic stress” in 2016. He hired hackers to launch DDOS attack to three exchanges on 1 August 2016, 4 August and 10 August respectively. The trading engines of the exchanges under attack were forced to shut down. Users complained about being unable to log in. Meanwhile the staff received scrambled phone call and anonymous email. The message was that these attacks were some kind of “stress test”, which would continue unless a ransom of bitcoin was paid to the designated address.
The 3 exchanges deployed counter measures by failed. Lots of complaints flooded in and the 2 exchanges had to deposit 22 and 44 bitcoins to the address designated by Pan. The third exchange stick to defense instead of paying the ransom and called the police.
Beijing police captured the suspect in Guizhou and Pan confessed the above facts. However, due to the fact that Pan hired offshore hacker attacks and the use of “self-destruction” mailboxes, the were unable to retrieve data from Pan’s sending email and therefore hold solid evidence. If such evidence was missing in the early stage, subsequent prosecution would be difficult to proceed.
Then here comes the tricky part. The prosecutor retrieved extortion email from the victims and had them printed out. Pan, the suspect, was asked to described the content of email and identify the extortion email. If Pan admitted that such email was composed by himself, he would be asked to sign his name on the print-out of emails.
Pan did sign his name on these emails. He didn’t know that would be most solid evidence against himself despite his repeated denial later.
He also argued that bitcoin was illegal virtual commodity in China and it had no value. Therefore his extortion of bitcoins couldn’t be used to determine his penalty. The police had learned that the exchanges spent 234,961.52 yuan(3,560 per btc) to purchase these bitcoins. In the end, prosecutor charged Pan based on the loss caused by his action instead of value of the ransom.