Blinking in the MD's inbox was an intimidating email warning of a "DDOS Attack!" unless the broker paid up $US5750 in bitcoins within the next 24 hours, with the ransom price then rising to $US11,500 in bitcoins and increasing "for every hour of attack".

DD4BC demands

"All your servers are going under DDoS attack unless you pay 25 Bitcoin," the first demand, sent at 9.10am on Monday, read.

"Please note that it will not be easy to mitigate our attack because our current UDP flood power is 400-500 Gbps ... It is just to prove that we are serious.

"If you ignore us and don't pay within 24 hours, long term attack will start, price to stop will go to 50BTC and will keep increasing for every hour of attack. If you are thinking of reporting this to authorities, feel free to try. But it won't help. We are not amateurs. We do bad things but we keep our word," the cyber criminals signed off.

Then-Prime Minister Tony Abbott opened the Australian Cyber Security Centre last November. (Photo: Andrew Meares)

The next demand from DD4BC – which stands for "DDoS for bitcoin", DDoS (distributed denial of service) being a commonly executed cyber attack used to bring down websites and debilitate web servers – landed about midday the next day.

"You are ignoring us," they wrote. "You probably believe that after some time, we will give up. But we never give up. You don't pay, your services go offline for a long time. Until you pay more. This is your last chance."


Mr Klink, a former IBM executive, refused to pay but called in cloud provider Amazon, the Australian Federal Police and the government's ACSC, which knew to take the sophisticated cyber criminals seriously.

"We could see they were trying to bring down the website with a UDP flood attack. Amazon brought in their security team and we avoided any downtime for our site," Mr Klink told The Australian Financial Review.

Australia's biggest banks have withdrawn their support for bitcoins in the wake of extortion threats by DD4BC. (Photo: Tomohiro Ohsumi)

DDoS attacks on the rise

To date, DD4BC has launched about 150 attacks across Europe, the United States, New Zealand and Australia – with 58 per cent directed at financial services companies, according to research by cloud provider Akamai, released this month. As part of the attacks, the group seeks an initial payment of 25 bitcoins – with bitcoins currently valued at about $US230 each – in exchange for calling off a flood of inbound data that renders a target's website inaccessible.

The group deliberately demands payment in bitcoins to take advantage of the virtual currency's anonymity and "transaction malleability", a glitch that makes it possible to fake transactions and create phantom transaction records.

Luckily, the cluster of denial of service attacks occurred predominantly on a non-trading day, although Mr Klink added that its trading systems were not connected to its website and were never under threat.

The Financial Review understands that Westpac and Macquarie Bank were among other major financial institutions targeted. Neither organisation confirmed an attack, although Macquarie said it would work with the Australian Federal Police on any investigation.


The first cyber ransom note from DD4BC.

"Denial of service incidents are a known feature of operating in a digital economy," Macquarie spokeswoman Navleen Prasad said. "Macquarie has appropriate systems and processes in place, including working with law enforcement and other financial institutions where appropriate, to ensure confidential data remains protected."

The revelations come as Australia's biggest banks have moved to withdraw their support for bitcoins, after letters were sent from Westpac and Commonwealth Bank of Australia to at least 17 Australian bitcoin companies and bitcoin exchanges including Bit Trade and Buyabitcoin informing them their accounts would be closed.

The second cyber ransom note from DD4BC.