Two Sudanese nationals, Ahmed Salah Yousif Omer and his brother Alaa Salah Yusuuf Omer, have been indicted by a federal grand jury for their involvement in the infamous hacktivist group known as Anonymous Sudan (also known as Storm-1359). According to US officials, these individuals have been responsible for more than 35,000 DDoS attacks globally since early 2023, causing substantial disruptions to major websites and government agencies, resulting in an estimated $10 million in damages.
The charges against Ahmed and Alaa include one count of conspiracy to damage protected computers for their roles in operating and controlling Anonymous Sudan. Ahmed additionally faces three counts of damaging protected computers. If found guilty, Alaa faces a maximum of five years in federal prison and Ahmed faces life imprisonment.
Adam Meyers, the head of counter adversary operations at CrowdStrike, a key contributor to the Department of Justice (DoJ) investigation, emphasized the challenges of maintaining anonymity in cyber activities over an extended period. He noted that while it may be easy to hide initially, the increased activity and exposure can make it increasingly difficult to maintain a cloak of anonymity.
Operation PowerOFF, a collaborative effort involving law enforcement authorities from multiple countries such as the US, UK, Germany, Poland, and the Netherlands, has been instrumental in dismantling DDoS-for-hire operations globally. This operation has achieved significant successes in the past, including the shutdown of various DDoS-for-hire platforms and the arrest of key individuals like the admins of Webstresser.
Anonymous Sudan’s visibility, its connections to other hacktivist groups like KillNet, and its involvement in operations such as #OpIsrael made the group more susceptible to investigation and identification. With assistance from the Big Pipes working group, authorities were able to track down assets linked to Anonymous Sudan and obtain critical insights into the group’s leadership structure. In March, the FBI successfully seized key components of the group’s sophisticated attack tool, including servers and accounts containing essential data.
While Anonymous Sudan was initially linked to Russian hacktivist groups and suspected of having ties to the Russian state, further analysis and investigation have challenged these assumptions. The group’s alignment with KillNet was primarily driven by anti-West sentiments rather than any direct state sponsorship. Chad Seaman from Akamai SIRT emphasized the importance of evidence-based attribution in cybersecurity investigations, cautioning against jumping to conclusions without substantial proof.
In conclusion, the indictment of Ahmed and Alaa Salah Yousif Omer sheds light on the complex world of cybercrime and the challenges authorities face in identifying and prosecuting individuals involved in such activities. The collaborative efforts of law enforcement agencies through operations like PowerOFF are crucial in combating cyber threats and holding perpetrators accountable for their actions. The case of Anonymous Sudan serves as a reminder of the ongoing battle against cybercriminals and the need for continued vigilance in protecting online security and privacy.
