
Subscribe to
Computerworld
or
Other Networking and Internet Stories
May 16, 2005 (Network World) -- Criminals are increasingly targeting corporations with distributed denial-of-service (DDoS) attacks designed not to disrupt business networks but to be used as tools to extort thousands of dollars from the companies.
Those targeted are increasingly deciding to pay the extortionists rather than accept the consequences, experts say. While reports of this type of crime have circulated for several years, most victimized companies remain reluctant to acknowledge the attacks or enlist the help of law enforcement, resulting in limited awareness of the problem and few prosecutions.
Extortion is "becoming more commonplace," said Ed Amoroso, chief information security officer at AT&T Corp. "It's happening enough that it doesn't even raise an eyebrow anymore."
"In the past eight months we have seen an uptick with the most organized groups of attackers trying to extort money from users," said Rob Rigby, director of managed security services at MCI Inc. "We try to do our best to get [customers] through it, but we leave it up to them to bring such attacks to the attention of law enforcement."
While MCI has been asked to help with prosecutions in other cybercrime cases, Rigby says he does not recall a service provider being subpoenaed in a DDoS extortion case.
Quantifying the extortion problem is difficult because the FBI, ISPs and third-party research firms can't provide figures on the number of DDoS attacks that include demands for money.
The FBI aggressively works daily on cases involving DDoS attacks and extortion, said bureau spokesman Paul Bresson.
"Almost all of them have an international connection," he says. "There aren't many cases where people doing this are from the U.S, and many times it is a juvenile subject to the laws of another country."
Bresson says such cases have been prosecuted, although he was unable to cite any. The FBI continues to encourage companies to report this crime to law enforcement, he says, yet "we understand there's a reluctance to do so."
An indeterminable number of victims are choosing to meet the demands of extortionists rather than turn to law enforcement because they're worried about negative publicity. The law does not prohibit paying, said Kathleen Porter, an attorney at Robinson & Cole LLP in Boston, who has extensive experience with e-commerce and Internet law.
"It's illegal to make the demand, but it's not illegal for companies to pay to make the attacks go away.
|
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
|
|
|
All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone |
|
|
| ||||||||
| ||||||||
| ||||||||
|



| XenServer FREE trial Citrix XenServer is the simplest and most effective way to virtualize and provision servers. XenServer combines comprehensive server virtualization capabilities with unparalleled scalability, performance, economics, and ease-of-use. Based on the open source Xen hypervisor, XenServer delivers fast performance, easy management, and advanced features such as live migration. |

Columnist Bert Latamore digs deep to analyze the latest networking trends.
|
IT Service Management: Metrics That Matter Download this whitepaper and learn about the metrics that matter most toward improving operational results, and which two controls any organization can adopt that will put them on path to high performance.Download this white paper now!
See more Whitepapers ![]() |

Networking Know-HowFor tips and best practices on building anything in the network, see Sandra Gittlen's weekly column. Click here to read the latest column by Sandra Gittlen |
| |
![]()
Troubleshooting Remote Site Networks - Best Practices
Management and remote site employees expect the same level of network service as the headquarters site. However, when IT staff are faced with limited resources to support remote site networks, often the applications, services and performance at those sites is not as robust as the headquarters site. See how to deliver a high level of network service at remote sites using the best practices outlined in this white paper.Read whitepaper now ![]() |
![]()
Super-size your LAN with fiber
Fiber optic technology frees the Local Area Network (LAN) from the confines of a single building, allowing a LAN to extend across a campus or a metropolitan area. Read how the selection of fiber optic components affects repeaterless transmission distance and how one school district used fiber to build a more reliable and more cost effective high-speed, district-wide network. Also, read how Metropolitan Area Network (MAN) ownership may require self-assessment of network performance.Read whitepaper now ![]() |
![]()
Determining the cause of poor application performance
Are users constantly complaining that your network is too slow? Or that they canât connect or can't stay connected? Are network applications hanging and slowing productivity? Do you spend way too much time trying to isolate the source of the problem and to prove that often the issue isn't the network at all but the application? In this on demand webcast, learn best practices and common root causes of application problems using case studies and live network traffic.Watch webcast now ![]() |
| About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map |
|
CIO The Industry Standard |


