Introduction

In a significant legal development, two Sudanese brothers [1] [2] [3] [4] [5] [6] [9] [10], Ahmed Salah Yousif Omer and Alaa Salah Yusuff Omer [2] [3] [4] [5] [6] [8] [9] [10] [11], have been indicted by the US Department of Justice. They are accused of operating “Anonymous Sudan,” a hacktivist group allegedly behind tens of thousands of distributed denial-of-service (DDoS) attacks worldwide. The case illustrates how a small crew renting commodity cloud servers can disrupt critical infrastructure and essential services.

Description

Two Sudanese brothers [1] [2] [3] [4] [5] [6] [9] [10], Ahmed Salah Yousif Omer, 22 [2] [3] [4] [5] [6] [8] [9] [10] [11], and Alaa Salah Yusuff Omer, 27 [2] [3] [4] [5] [6] [8] [10] [11], have been indicted by the US Department of Justice for their alleged roles in operating “Anonymous Sudan,” a hacktivist cybercrime group linked to more than 35,000 DDoS attacks against critical infrastructure, corporate networks [2] [6] [8], and government agencies worldwide since it emerged in January 2023 [6]. The group, whose Telegram channel attracted approximately 80,000 subscribers, claims to target nations it regards as hostile to Sudan [6], although some security researchers have suggested links to the pro-Russian group Killnet [6]. Targets included technology companies such as Microsoft, OpenAI [1] [4] [5] [7], and PayPal [1], as well as US government entities including the Department of Justice, the Pentagon [3] [7], the FBI [3] [4] [7] [8] [11], and the State Department [4] [8] [11] [12]. Notably, the group disrupted Israel’s Red Alert missile-warning app during the Hamas attack of October 7, 2023, and in February 2024 attacked Cedars-Sinai Medical Center in Los Angeles, crashing its patient portal and forcing the hospital to divert incoming emergency patients and reroute ambulances while its systems were unavailable.

The brothers allegedly built and operated a tool known as the Distributed Cloud Attack Tool (DCAT), which they marketed as a subscription service on platforms such as Telegram, allowing customers to launch up to 100 attacks per day for fees ranging from $100 per day to $1,700 per month. Ahmed Salah is identified as the group’s primary administrator, accused of building the attack infrastructure and publicly claiming responsibility for the attacks [3], while Alaa Salah allegedly provided programming support [3]. Their operations extended well beyond the US [3], hitting organizations in the Netherlands, Bahrain [1] [3], the United Arab Emirates [3], Chad [1] [3] [8], Israel [1] [3] [7], and the UK [3]. The group favoured Layer 7 (application-layer) DDoS attacks [1]: floods of HTTP requests that resemble legitimate traffic but exhaust the targeted application itself, rendering it unusable [1] even when the network link is not saturated. The traffic was generated from hundreds of rented virtual private servers, and by directing it at exposed API endpoints the group reportedly bypassed the victims’ DDoS mitigation services.
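The defensive counterpart to the technique above is spotting an application-layer flood in web-server logs. A per-source request-rate threshold catches a single loud client, but a flood spread across hundreds of VPS nodes keeps every individual source under that threshold, so the detector also has to aggregate hits per endpoint (with query strings stripped, since floods vary them to defeat caching) and look at how many distinct sources are driving them. The following is an added example, not code from the indictment, the sources cited here, or any vendor; the Common Log Format parsing, the IP addresses (documentation ranges), the ten-second window, and the thresholds are all assumptions chosen for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed input: Apache/Nginx Common Log Format. Adapt the regex for other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    # Drop the query string: L7 floods randomise it so every request misses the cache,
    # and we want to count hits against the endpoint, not against each unique URL.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def detect_l7_flood(lines, window_seconds=10, per_ip_threshold=50, per_path_threshold=200):
    """Return alerts for (a) single sources exceeding per_ip_threshold requests in a window
    and (b) endpoints exceeding per_path_threshold requests in a window regardless of source.
    Thresholds are illustrative assumptions; tune them to the site's normal traffic."""
    per_ip = defaultdict(int)          # (window, ip)   -> hits
    per_path_hits = defaultdict(int)   # (window, path) -> hits
    per_path_ips = defaultdict(set)    # (window, path) -> distinct source IPs

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        window = int(rec["ts"].timestamp()) // window_seconds
        per_ip[(window, rec["ip"])] += 1
        per_path_hits[(window, rec["path"])] += 1
        per_path_ips[(window, rec["path"])].add(rec["ip"])

    alerts = []
    for (window, ip), hits in per_ip.items():
        if hits > per_ip_threshold:
            alerts.append({"type": "single_source", "window": window, "ip": ip, "hits": hits})
    for (window, path), hits in per_path_hits.items():
        if hits > per_path_threshold:
            alerts.append({"type": "distributed", "window": window, "path": path,
                           "hits": hits, "sources": len(per_path_ips[(window, path)])})
    return alerts


def make_sample_log():
    """Constructed sample traffic (not from any real incident), all inside one 10 s window."""
    base = datetime(2024, 10, 10, 12, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, path, offset_s):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    # Benign background: five clients, two requests each.
    for i in range(5):
        lines += [fmt(f"198.51.100.{i}", "/", 0), fmt(f"198.51.100.{i}", "/about", 5)]
    # One loud source: 60 hits on /login, trips the per-IP threshold.
    lines += [fmt("203.0.113.7", "/login", i % 10) for i in range(60)]
    # Distributed flood: 30 sources x 8 hits on /api/search with varying query strings.
    # Each source stays under the per-IP threshold; only the per-endpoint view catches it.
    for s in range(30):
        lines += [fmt(f"192.0.2.{s}", f"/api/search?q={s}{k}", k) for k in range(8)]
    return lines


if __name__ == "__main__":
    for alert in detect_l7_flood(make_sample_log()):
        print(alert)
```

Run as a script it prints two alerts: the single source hammering /login, and /api/search with 240 hits from 30 distinct addresses. Only the second alert is the distributed-flood signature; a rule that looked solely at per-IP rates would have stayed silent on it.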

The indictment charges both brothers with conspiracy to damage protected computers [3] [8] [10]; Ahmed additionally faces counts of damaging protected computers and is alleged to have sought to cause physical harm through the Cedars-Sinai attack. If convicted [2] [3] [4] [5] [8], Ahmed could face life imprisonment [3] [8], chiefly because of the Cedars-Sinai attack [3], while Alaa faces a maximum of five years [2]. The investigation [8], part of Operation PowerOFF [8], an international effort to disrupt DDoS-for-hire services [2], led to the seizure and disabling of the DCAT tool and its supporting infrastructure. The group’s attacks caused extensive network outages and damages exceeding $10 million [8], including disruption of emergency services and government operations and a week-long attack on Kenya’s internet infrastructure in September 2023 [4]. The US Department of Justice described the brothers’ actions as ideologically motivated [7], with Ahmed reportedly expressing an intention to declare cyber war on the United States [7]. After the brothers were arrested abroad in March 2024, the group’s activity was reportedly curtailed [7]: its Telegram channel went quiet and its attacks tailed off [7]. Cybersecurity experts and law enforcement officials cited the hospital attack as evidence that DDoS attacks can have potentially lethal consequences [7].

Conclusion

The indictment of Ahmed Salah Yousif Omer and Alaa Salah Yusuff Omer underscores the severe impact of cybercrime on global infrastructure and services. The disruption attributed to their activities highlights the need for stronger DDoS defences, particularly at the application layer, and for international cooperation against such threats. The decline in the group’s operations after the arrests demonstrates what coordinated law enforcement action can achieve. The underlying tooling and tactics remain cheap and widely available, however, so the potential for similar attacks persists, and continued vigilance and investment in defences are warranted.

References

[1] https://www.stripes.com/theaters/us/2024-10-16/federal-prosecutors-sudanese-brothers-cyberattack-gang-15528483.html
[2] https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html
[3] https://www.cbsnews.com/news/2-sudanese-nationals-charged-cyber-attack-for-hire-gang/
[4] https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/
[5] https://arstechnica.com/information-technology/2024/10/us-prosecutors-take-down-operation-accused-of-35000-ddoses-over-14-months/
[6] https://securityaffairs.com/169937/hacktivism/anonymous-sudan-members-arrested.html
[7] https://www.wired.com/story/anonymous-sudan-ddos-indictment-takedown/
[8] https://www.justice.gov/usao-cdca/pr/two-sudanese-nationals-indicted-alleged-role-anonymous-sudan-cyberattacks-hospitals
[9] https://www.techtarget.com/searchsecurity/news/366613922/DOJ-charges-alleged-Anonymous-Sudan-ringleaders
[10] https://cyberscoop.com/alleged-anonymous-sudan-leaders-charged-prolific-gangs-tool-disabled/
[11] https://www.cybersecuritydive.com/news/us-disrupts-anonymous-sudan-ddos/730104/
[12] https://www.infosecurity-magazine.com/news/us-charges-anonymous-sudan-ddos/