"Six or seven thousand organizations are paying online extortion demands," Alan Paller said at the SANS Institute's Top 20 Vulnerabilities conference in London. "The epidemic of cybercrime is growing. You don't hear much about it because it's extortion, and people feel embarrassed to talk about it."
"Every online gambling site is paying extortion," Paller asserted. "Hackers use DDoS (distributed denial-of-service) attacks, using botnets to do it. Then they say, 'Pay us $40,000, or we'll do it again.'"
Paller added he was concerned that the same techniques used for extortion--that is, DDoS attacks--could easily be used to target organizations in the critical national infrastructure.
Roger Cumming, the director of the U.K.-based National Infrastructure Security Co-ordination Centre, shares Paller's concern.
"There's an enormous amount of extortion," Cumming said. "We are concerned...(that) the technologies of extracting money could be used to endanger the (critical national infrastructure). One of the things we are talking about is how to mitigate that threat."
Paller called for tech companies to do better. He said that security vulnerabilities are vendors' responsibility to fix and that their products should reflect the suggestions associated with the SANS top 20 vulnerabilities list.
"Applications breaking after patching is the operating system vendor's fault," he said. "They tell developers to build applications on unprotected systems. But the other half of the game is that application vendors should have to test their products on safer systems. You do that with procurement."
A representative for at least one prominent British gambling site said that he would rather not comment on the whole issue.
Dan Ilett of ZDNet UK reported from London.

I invite you to learn more about what you can do to combat this threat at:
http://www.webscreen-technology.com
Extortion is wrong and my business operates within the highly targeted market of online gaming so I am completely opposed to what goes on, however the Internet is just like Russia, Iraq and Afghanistan; create a free world where people can do what they like and a minority will abuse the opportunity for financial gain. Kidnapping is easy money in the aforementioned countries just like a denial of service attack on the Internet (but to date without the deadly consequences).
The trick is going to be policing the Internet without turning it into a dictatorship.
The DDoS (Distributed Denial of Service) attacks utilize hundreds or thousands of individual computers that are all compromised without the owners' knowledge. It would be possible to block all connections going to your bank preventing your credit cards, bank cards and check purchases from clearing or accessing your account in any way.
I am not worried about the gambling sites being extorted. I could care less what happens to sites that prey on their customers as is the motivation of all gambling institutions. My concern is that more legitimate enterprises will be caught by this same problem and they are not currently easy enough to catch.
demanding money from non-XP users in order for these
Windows users to get current and future security updates.
is all the dolts who run Microsoft products from home, just
waiting for someone to take their machines (Windows = lowest
cost of ownership!).
BTW, thugs are always bad, but just guess who's the biggest
player in the world extortion market? If you said the U.S.
government, give yourself a pat on the back.
Also, why in God's name would someone pay extortion to some
thug? If it happened to me, I'd call the cops right away. Yes, I
know the cops wouldn't do much unless I were a BIG player, but
it kind of re-affirms my belief that in the U.S. we're not all equal
under the law.
What we need are free markets, where the rights (life, liberty,
property) of each individual are equally protected by law. Wait,
wasn't that what the U.S. constitution was supposed to
guarantee? I don't care who's being targeted (drug dealer, or
monk), each of us has the right to be protected from the mob.
An attack against one is an attack against us all.
The more extortioners, the less money is available for each individual extortioner, and the less profitable the effort becomes. Eventually, it simply won't be worth anyone's time to extort this way.
The *REAL* problem is bad security measures on personal computers. The source of this problem, quite likely, is that we don't really have a choice in terms of personal operating systems. People are pretty much forced to use Microsoft Windows.
Perhaps SP2 for XP will solve this problem, perhaps not. If it doesn't, consumers need to educate themselves and make wise choices. If that doesn't happen, no amount of regulation or law enforcement will be effective, either re: hackers, or re: software monopolies.
- Online extortion
-
by el33tpenguin
July 5, 2007 7:21 PM PDT
- Tale of another extortionist: http://www.thekaramazovgroup.com