The FBI is investigating denial-of-service attacks targeting several U.S. battery retail Web sites last year that were traced to computers at Russian domains in what looks like a corporate-sabotage campaign, according to documents published yesterday by The Smoking Gun.
The October 2010 distributed denial-of-service (DDoS) attacks on Batteriesplus.com and Batteries4less.com also targeted other battery-related Web sites, and the same attack infrastructure has been used against a "wide range" of United States-based businesses, causing combined estimated financial losses of more than $600,000, according to an FBI analysis of attack logs provided to the agency by an unnamed network security services firm and an unidentified nonprofit security research firm. The other targets were not identified in the excerpt of the FBI documents posted on The Smoking Gun.
Although the attackers appear to have links to Russia, it's likely that they were paid by a U.S. competitor who wanted to affect the victims financially by interfering with sales, said Batteries4less.com Chief Executive Coryon Redd.
"We speculated at the time that it might be a competitor because we are in a very competitive online market. We specialize in cell phone batteries, but there are many companies of similar size to ours that are out there," Redd told CNET in an interview. "None of the (rivals) are going to be in Russia. There's a growing trend for criminals in Russia to offer services such as being able to take down a Web site. The competitor is going to be U.S.-based and contracting out with a bad guy in Russia."
The Batteries4less.com site was down sporadically over a period of three days to a week, causing about $50,000 in lost sales and expenses incurred to defend against the attack, Redd estimated.
"It's very unusual for an e-commerce site to be affected in this way" by a DDoS attack designed for sabotage, he said. Typically, DDoS attacks are politically motivated--against a government site, for instance--or conducted by online activists who want to send a message.
The two botnets, dubbed "Black Energy," controlled by command-and-control servers at the Russian domains, were still attacking U.S. sites as of May 2, 2011, according to the FBI affidavit sworn by Agent Richard Bilson released in excerpt form by The Smoking Gun.
"While the FBI affidavit...does not address the motive for the DDoS attacks, it seems likely that the bureau's computer fraud investigation is examining whether a business competitor was somehow involved in trying to knock U.S. firms offline," The Smoking Gun article says.
The Russian domains were registered in May 2010 by someone using a Yahoo e-mail address linked to a 30-year-old St. Petersburg man. "Investigators subsequently secured a search warrant for the entire contents of the account," the article says. "It does not appear as if anyone has been arrested in connection with the ongoing federal investigation."
A call to the FBI was not immediately returned this morning, and representatives of the battery companies did not immediately return phone calls.
The news comes three weeks after a McAfee researcher revealed that a cyberespionage campaign dubbed "Shady Rat" stole government secrets, sensitive corporate documents, and other intellectual property from more than 70 public and private organizations in 14 countries over five years, possibly linked to China.
Updated at 12:49 p.m. PT with comment from the CEO of Batteries4less.com.