- "More than a dozen offshore gambling sites serving
the US market were hit by the so-called Distributed Denial of Service attacks
and extortion demands in September and the tactic is now spreading. Sites
have been asked to pay up to $50,000 to ensure they are free from attacks
for a year."
-
- LONDON -- Evidence of a new
type of international extortion racket emerged on Tuesday with revelations
that blackmailers have been exploiting computer hacking techniques to threaten
the ability of companies to conduct business online.
-
- Gangs based in Eastern Europe have been found to have
been launching waves of attacks on corporate networks, costing the companies
millions of dollars in lost business and exposing them to blackmail.
-
- The most recent cases of affected companies have surfaced
in Britain where the National Hi-Tech Crime Unit (NHTCU) is investigating
how one betting site was brought down and then received a threat that it
would be attacked again unless tens of thousands of pounds were paid. It
is co-operating with international law enforcement agencies, with the perpetrators
thought to be based in Eastern Europe.
-
- Ian Morris, founder of Equip Technology, a systems security
integrator, said: "We've dealt with six cases now and it's got to
be multiples of that, and not just in the UK, it's obviously a worldwide
problem.
-
- "They seem to be targeting high-volume low-value
transactional sites."
-
- The attacks involve gangs commandeering as many as hundreds
of computers through hacking methods to use without their owners' knowledge.
A command is then issued to each one simultaneously to make a series of
bogus requests to the servers of the victim. The weight of traffic brings
the servers to a halt and legitimate requests to carry out transactions
cannot be completed.
-
- One UK company was reported to be losing £1m ($1.66m)
a day in lost business as its service remained down.
-
- More than a dozen offshore gambling sites serving the
US market were hit by the so-called Distributed Denial of Service attacks
and extortion demands in September and the tactic is now spreading. Sites
have been asked to pay up to $50,000 to ensure they are free from attacks
for a year. Police are urging any victims not to give in to blackmail and
report the crime.
-
- Detective Superintendent Mick Deats, head of operations
at the NHTCU, said: "This is a protection racket. The message to these
companies is 'You pay and we leave you alone'.
-
- "If the demand comes in for $40,000-50,000, compared
to the losses they're suffering, there's an attraction for the companies
to pay and hope it goes away. But there's nothing to say it will go away."
-
- One security firm has responded to appeals for help from
six companies as their systems have been brought down by DDoS attacks.
-
- Four of these were online gambling sites, one was a leading
retailer with a web presence and the other an online payments provider.
-
- WorldPay, the online payments service owned by the Royal
Bank of Scotland that serves 27,000 online retailers globally, admitted
to suffering a major DDoS attack last week.
-
- It said no customer data were compromised in the attack
and sources close to the company said there was no evidence of any blackmail
threat.
-
- © Copyright The Financial Times Ltd 2003.
-
- http://news.ft.com/servlet/ContentServer?pagename=FT.com/StoryFT/FullStory
&c=StoryFT&cid=1066565805264&p=1012571727088
|