http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=4237306 By Bernhard Warner European Internet Correspondent 29 January, 2004 LONDON (Reuters) - Organised crime gangs are shaking down Internet betting sites on the eve of American football's Super Bowl, threatening to unleash a crippling data attack unless they pay a "protection" fee, police and site operators said. The National Hi-Tech Crime Unit (NHTCU) told Reuters it is investigating a series of attacks and threats of attacks on companies in the United Kingdom. But security experts say sites based in the Caribbean and continental Europe have also been targeted. "These are not groups of amateur hackers -- great deals of money are changing hands," said an NHCTU spokesman. "These are for-profit crimes and all intelligence suggests that organised crime is involved." One such target is Curacao-based VIP Management Services, which runs seven gambling sites including www.VIPSports.com and www.Betgameday.com. "We were first targeted in September and have been under intermittent attack ever since," said Alistair Assheton, managing director of the privately held six-year-old firm. E-XTORTION ARTISTS The so-called denial-of-service attacks, which can disable a corporate data network with a barrage of bogus data requests, are a standard tool for hackers aiming to knock out a site. Lately, police say, crime gangs have adapted it to extort businesses. Security experts and police said they believe the gangs are based in Eastern Europe and Russia, taking advantage of the region's weak cyber crime laws and its legions of savvy programmers. Assheton said that on Monday he received the latest threat via e-mail. It was a demand for $30,000 (16,435 pounds) to be wired via Western Union to the extortionist's account or risk being hit. "They essentially said 'pay up or you will go down for the Super Bowl,'" he said. Police sources said this type of cyber "protection racket" has grown in recent months. The risk of being knocked offline by a digital attack on Super Bowl weekend, one of the busiest betting periods of the year, could doom a gambling site. Jeffrey Weber, who writes an online news letter dedicated to the industry, called www.Alltopsportsbooks.com, estimated an outage of a few hours is costly. "That's $500,000 to $1 million dollars worth of action wiped out in one shot," he said. PAY UP -- OR ELSE Reuters obtained a copy of an e-mail extortion threat distributed earlier this month. It demanded sites pay $15,000 for six months' worth of protection. "If you wait to make a deal with us when the attacks start, it will cost you $25,000 for six months protection and the lost revenues as your site will stay down until the $25,000 is received," the e-mail threat said. Weber said a number of small sites have paid up, calculating it would be cheaper than going dark during a busy period. "It's almost like the criminal elements of the neighbourhood bookmakers has merged with the world of online bookmakers," he said. Noting the relatively small sums demanded -- to ensure the victim does not go out of business and can continue to pay up -- security and law enforcement sources said they believe this is the work of gangs with experience in such shakedown schemes. "This is very professional," said one security expert. The Net crime wave is not exactly new. Extortionists and crime groups have targeted businesses of all sizes since the early days of e-commerce. Law enforcement has been hampered because until recently companies were reluctant to report the incidents for fear of hurting their business reputation. Police hope a recent spirit of cooperation will help their cause. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Jan 30 2004 - 09:11:18 PST