Extortion via DDoS on the rise
Criminals are using the attacks to extort money from victimized companies
Network World - Criminals are increasingly targeting corporations with distributed denial-of-service (DDoS) attacks designed not to disrupt business networks but to be used as tools to extort thousands of dollars from the companies.
Those targeted are increasingly deciding to pay the extortionists rather than accept the consequences, experts say. While reports of this type of crime have circulated for several years, most victimized companies remain reluctant to acknowledge the attacks or enlist the help of law enforcement, resulting in limited awareness of the problem and few prosecutions.
Extortion is "becoming more commonplace," said Ed Amoroso, chief information security officer at AT&T Corp. "It's happening enough that it doesn't even raise an eyebrow anymore."
"In the past eight months we have seen an uptick with the most organized groups of attackers trying to extort money from users," said Rob Rigby, director of managed security services at MCI Inc. "We try to do our best to get [customers] through it, but we leave it up to them to bring such attacks to the attention of law enforcement."
While MCI has been asked to help with prosecutions in other cybercrime cases, Rigby says he does not recall a service provider being subpoenaed in a DDoS extortion case.
Quantifying the extortion problem is difficult because the FBI, ISPs and third-party research firms can't provide figures on the number of DDoS attacks that include demands for money.
The FBI aggressively works daily on cases involving DDoS attacks and extortion, said bureau spokesman Paul Bresson.
"Almost all of them have an international connection," he says. "There aren't many cases where people doing this are from the U.S, and many times it is a juvenile subject to the laws of another country."
Bresson says such cases have been prosecuted, although he was unable to cite any. The FBI continues to encourage companies to report this crime to law enforcement, he says, yet "we understand there's a reluctance to do so."
An indeterminable number of victims are choosing to meet the demands of extortionists rather than turn to law enforcement because they're worried about negative publicity. The law does not prohibit paying, said Kathleen Porter, an attorney at Robinson & Cole LLP in Boston, who has extensive experience with e-commerce and Internet law.
"It's illegal to make the demand, but it's not illegal for companies to pay to make the attacks go away. It's analogous to ransom," Porter said. "It's something companies are doing because the costs of denial-of-service attacks are so expensive."
"The problem is, if companies keep paying, the attacks will continue," she said.
Even those who don't pay and instead
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- IDG Research Survey: Are you Paying Too Much for Your NMS? Feel like you're paying too much for network monitoring? You're not alone. This survey brief summarizes findings from research recently fielded by IDG...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Live Webcast 5 Steps to Assuring Quality of Experience In order to align monitoring and management practices with the true demands of the business, IT professionals must expand beyond traditional comfort zones...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Navigating the New Wireless Landscape Thriving in the new wireless landscape View Now>> All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!