http://news.ft.com/servlet/ContentServer?pagename=FT.com/StoryFT/FullStory&c=StoryFT&cid=1066565805264&p=1012571727088 By Chris Nuttall in London Published: November 11 2003 Evidence of a new type of international extortion racket emerged on Tuesday with revelations that blackmailers have been exploiting computer hacking techniques to threaten the ability of companies to conduct business online. Gangs based in Eastern Europe have been found to have been launching waves of attacks on corporate networks, costing the companies millions of dollars in lost business and exposing them to blackmail. The most recent cases of affected companies have surfaced in Britain where the National Hi-Tech Crime Unit (NHTCU) is investigating how one betting site was brought down and then received a threat that it would be attacked again unless tens of thousands of pounds were paid. It is co-operating with international law enforcement agencies, with the perpetrators thought to be based in Eastern Europe. Ian Morris, founder of Equip Technology, a systems security integrator, said: "We've dealt with six cases now and it's got to be multiples of that, and not just in the UK, it's obviously a worldwide problem. "They seem to be targeting high-volume low-value transactional sites." The attacks involve gangs commandeering as many as hundreds of computers through hacking methods to use without their owners' knowledge. A command is then issued to each one simultaneously to make a series of bogus requests to the servers of the victim. The weight of traffic brings the servers to a halt and legitimate requests to carry out transactions cannot be completed. One UK company was reported to be losing £1m ($1.66m) a day in lost business as its service remained down. More than a dozen offshore gambling sites serving the US market were hit by the so-called Distributed Denial of Service attacks and extortion demands in September and the tactic is now spreading. Sites have been asked to pay up to $50,000 to ensure they are free from attacks for a year. Police are urging any victims not to give in to blackmail and report the crime. Detective Superintendent Mick Deats, head of operations at the NHTCU, said: "This is a protection racket. The message to these companies is 'You pay and we leave you alone'. "If the demand comes in for $40,000-50,000, compared to the losses they're suffering, there's an attraction for the companies to pay and hope it goes away. But there's nothing to say it will go away." One security firm has responded to appeals for help from six companies as their systems have been brought down by DDoS attacks. Four of these were online gambling sites, one was a leading retailer with a web presence and the other an online payments provider. WorldPay, the online payments service owned by the Royal Bank of Scotland that serves 27,000 online retailers globally, admitted to suffering a major DDoS attack last week. It said no customer data were compromised in the attack and sources close to the company said there was no evidence of any blackmail threat. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Nov 12 2003 - 08:21:07 PST