Persistent Attacks on Investigative Platforms
For more than two weeks, the websites associated with ScamGrinder and similar investigative initiatives have faced sustained Distributed Denial of Service (DDoS) attacks. This isn’t a new challenge—it reflects a pattern of cyber retaliation that has emerged repeatedly since early 2018. These incidents are believed to stem from efforts to uncover cybercrime networks and fraudulent financial operations.
Since its inception, this investigative effort has endured nearly a dozen major DDoS campaigns. Each wave has involved hundreds of millions of malicious requests, aimed at rendering websites and servers inaccessible. In response, the infrastructure supporting these platforms has been continuously adapted, incorporating multiple hosting providers, domains, and content delivery systems spread across North America and Europe.
Defensive Measures and Redirect Strategy
To counter these attacks and maintain uptime, the team behind the reports mirrors site content across various domains and uses redundancy across different server locations. In some cases, domain and server configurations are changed several times per day to stay ahead of disruptions.
Additionally, redirected DDoS traffic is occasionally routed to cybersecurity authorities such as the FBI’s Cybercrime Division for analysis and reporting. Some readers may have noticed these redirects during periods of peak attack activity.
Why the Attacks Continue
The primary targets of these attacks are the investigations into alleged cybercrime groups, financial fraud operators, and unlicensed financial service providers. These entities often possess the resources and technical capability to launch coordinated attacks in response to public exposure. Alongside cyberattacks, threats of litigation and intimidation are not uncommon.
Despite this, these reports have contributed to meaningful legal outcomes:
- Arrests of individuals such as Gal Barak and Uwe Lenhoff, following investigations into online investment fraud schemes.
- Ongoing investigations involving more than two dozen suspects across multiple jurisdictions.
- Revocation of licenses from certain e-money institutions, including Bruc Bond UAB (formerly Moneta International UAB), which was affiliated with individuals such as Eyal Nachum and Tamir Zoltovski.
- Support in uncovering inconsistencies within companies like Wirecard, partially based on tip-offs from whistleblowers and informants.
Conclusion
These cyberattacks serve as a stark reminder of the risks involved in investigative reporting on financial crime. While the disruptions may impact user experience temporarily, the commitment to exposing fraudulent operations remains unchanged. Public access to reliable information is at the core of these efforts, and protective infrastructure continues to evolve to uphold that mission.