On Saturday, the first of the three attacks in which DDoSers have targeted the Sage Law Office on Capitol Hill took place.
In the wake of the attack, the office’s Twitter account was inundated with spam messages, many of which were fake.
The tweets included the username “Panda,” and “I love the Dots,” a reference to a tweet from an account believed to belong to the Anonymous collective.
The botnet, however, quickly stopped the spam campaign and took down the offending tweet.
A few hours later, the account was back online.
As the botnet continued to try to bombard the office with messages, the staffers began receiving notifications that their emails had been forwarded to a botnet in China.
“It was a very surreal experience,” said Sage Law Counsel Paul Seaborn.
The account’s owner, a man identified only as “Sage,” posted a photo on his Facebook page that he claimed was a screenshot of a government email account, and the account quickly became a favorite of DDoS attackers.
“A lot of people were just like, ‘Wow, that looks legit.
That looks legit,’ ” Seaborn told Business Insider.
“I was like, [this] is so ridiculous, but the fact that it was happening, it’s very strange.”
According to Seaborn, the accounts in question belonged to a Chinese company called China Digital Group.
Seaborn explained that China Digital was one of the many botnet operators who use internet-connected computers to send out spam emails and other threats.
As such, the group was one that the United States government was constantly looking out for.
The US Department of Homeland Security, in particular, was especially concerned about Chinese-linked botnets, as they were likely to be used by the Chinese government to conduct targeted attacks on US government agencies and companies.
In March 2017, the US Department announced that it would ban the use of any botnets in the United Nations or other government organizations.
This week, a spokesperson for the US State Department said that it “is aware of the recent activity.”
On Thursday, the Department of Justice sent a letter to China Digital informing it of the ban and requesting it provide the necessary information to confirm that the group is still operating in the US.
According to the letter, the company was unable to provide this information and will not cooperate with the Department’s investigation.
The Department of Defense and other agencies have since started an investigation.
“We have received reports of botnet activity originating from China Digital in the U.S.,” a spokesperson told Businessweek on Thursday.
“The Department is committed to conducting thorough investigations and pursuing those responsible for cyber crime.”
As the Department continued its investigation, some users of the Sage Law Office’s Twitter page began noticing that their messages were being forwarded to the same botnet as the spam messages.
“In an effort to protect the integrity of the message we sent to the D.C. office, we’ve disabled the bot,” the tweet read.
In a statement, Sage Law tweeted that it is “very happy with the response we’ve received and are happy to help in any way we can.”
The office’s spokesman told Businessweek that it has no reason to believe the bot is associated with the D-League, though.
“This is not the first time the DLL has been used by botnet attackers to target our offices,” said Seaborg.
“Since the bot was launched, we have been receiving multiple spam messages from bots, and some of these messages were malicious.”