Extortion via DDoS on the rise
Criminals are using the attacks to extort money from victimized companies
Network World - Criminals are increasingly targeting corporations with distributed denial-of-service (DDoS) attacks designed not to disrupt business networks but to be used as tools to extort thousands of dollars from the companies.
Those targeted are increasingly deciding to pay the extortionists rather than accept the consequences, experts say. While reports of this type of crime have circulated for several years, most victimized companies remain reluctant to acknowledge the attacks or enlist the help of law enforcement, resulting in limited awareness of the problem and few prosecutions.
Extortion is "becoming more commonplace," said Ed Amoroso, chief information security officer at AT&T Corp. "It's happening enough that it doesn't even raise an eyebrow anymore."
"In the past eight months we have seen an uptick with the most organized groups of attackers trying to extort money from users," said Rob Rigby, director of managed security services at MCI Inc. "We try to do our best to get [customers] through it, but we leave it up to them to bring such attacks to the attention of law enforcement."
While MCI has been asked to help with prosecutions in other cybercrime cases, Rigby says he does not recall a service provider being subpoenaed in a DDoS extortion case.
Quantifying the extortion problem is difficult because the FBI, ISPs and third-party research firms can't provide figures on the number of DDoS attacks that include demands for money.
The FBI aggressively works daily on cases involving DDoS attacks and extortion, said bureau spokesman Paul Bresson.
"Almost all of them have an international connection," he says. "There aren't many cases where people doing this are from the U.S, and many times it is a juvenile subject to the laws of another country."
Bresson says such cases have been prosecuted, although he was unable to cite any. The FBI continues to encourage companies to report this crime to law enforcement, he says, yet "we understand there's a reluctance to do so."
An indeterminable number of victims are choosing to meet the demands of extortionists rather than turn to law enforcement because they're worried about negative publicity. The law does not prohibit paying, said Kathleen Porter, an attorney at Robinson & Cole LLP in Boston, who has extensive experience with e-commerce and Internet law.
"It's illegal to make the demand, but it's not illegal for companies to pay to make the attacks go away. It's analogous to ransom," Porter said. "It's something companies are doing because the costs of denial-of-service attacks are so expensive."
"The problem is, if companies keep paying, the attacks will continue," she said.
Even those who don't pay and instead
- Improving Business Value of WAN Optimization Want to achieve faster ROI with WAN optimization? Read the latest IDC report and discover how you can cut IT costs without compromising...
- Four Little-Known Ways WAN Optimization Can Benefit Your Organization Read this white paper to learn how far WAN optimization has come, and how to make this most of your investments by using...
- IDC ROI Infographic Trends such as evolving communication patterns, connection types, applications and bandwidth can have an impact on enterprise organizations. Learn how IT organizations can...
- Path Selection Infographic Path Selection Infographic
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!