Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Extortion via DDoS on the rise

Criminals are using the attacks to extort money from victimized companies

May 16, 2005 12:00 PM ET

Network World - Criminals are increasingly targeting corporations with distributed denial-of-service (DDoS) attacks designed not to disrupt business networks but to be used as tools to extort thousands of dollars from the companies.
Those targeted are increasingly deciding to pay the extortionists rather than accept the consequences, experts say. While reports of this type of crime have circulated for several years, most victimized companies remain reluctant to acknowledge the attacks or enlist the help of law enforcement, resulting in limited awareness of the problem and few prosecutions.
Extortion is "becoming more commonplace," said Ed Amoroso, chief information security officer at AT&T Corp. "It's happening enough that it doesn't even raise an eyebrow anymore."
"In the past eight months we have seen an uptick with the most organized groups of attackers trying to extort money from users," said Rob Rigby, director of managed security services at MCI Inc. "We try to do our best to get [customers] through it, but we leave it up to them to bring such attacks to the attention of law enforcement."
While MCI has been asked to help with prosecutions in other cybercrime cases, Rigby says he does not recall a service provider being subpoenaed in a DDoS extortion case.
Quantifying the extortion problem is difficult because the FBI, ISPs and third-party research firms can't provide figures on the number of DDoS attacks that include demands for money.
The FBI aggressively works daily on cases involving DDoS attacks and extortion, said bureau spokesman Paul Bresson.
"Almost all of them have an international connection," he says. "There aren't many cases where people doing this are from the U.S, and many times it is a juvenile subject to the laws of another country."
Bresson says such cases have been prosecuted, although he was unable to cite any. The FBI continues to encourage companies to report this crime to law enforcement, he says, yet "we understand there's a reluctance to do so."
An indeterminable number of victims are choosing to meet the demands of extortionists rather than turn to law enforcement because they're worried about negative publicity. The law does not prohibit paying, said Kathleen Porter, an attorney at Robinson & Cole LLP in Boston, who has extensive experience with e-commerce and Internet law.
"It's illegal to make the demand, but it's not illegal for companies to pay to make the attacks go away. It's analogous to ransom," Porter said. "It's something companies are doing because the costs of denial-of-service attacks are so expensive."
"The problem is, if companies keep paying, the


Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2009 Network World, Inc. All rights reserved.

Jump to comments

Security

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs