October 8, 2004 8:21 AM PDT

Expert: Online extortion growing more common

Online extortion is rife and cybercrime is set to get worse, the SANS Institute's research director said Friday.

"Six or seven thousand organizations are paying online extortion demands," Alan Paller said at the SANS Institute's Top 20 Vulnerabilities conference in London. "The epidemic of cybercrime is growing. You don't hear much about it because it's extortion, and people feel embarrassed to talk about it."

The SANS Institute, based in Bethesda, Md., offers training and resources related to information security.

"Every online gambling site is paying extortion," Paller asserted. "Hackers use DDoS (distributed denial-of-service) attacks, using botnets to do it. Then they say, 'Pay us $40,000, or we'll do it again.'"

Paller added he was concerned that the same techniques used for extortion--that is, DDoS attacks--could easily be used to target organizations in the critical national infrastructure.

Roger Cumming, the director of the U.K.-based National Infrastructure Security Co-ordination Centre, shares Paller's concern.

"There's an enormous amount of extortion," Cumming said. "We are concerned...(that) the technologies of extracting money could be used to endanger the (critical national infrastructure). One of the things we are talking about is how to mitigate that threat."

Paller called for tech companies to do better. He said that security vulnerabilities are vendors' responsibility to fix and that their products should reflect the suggestions associated with the SANS top 20 vulnerabilities list.

"Applications breaking after patching is the operating system vendor's fault," he said. "They tell developers to build applications on unprotected systems. But the other half of the game is that application vendors should have to test their products on safer systems. You do that with procurement."

A representative for at least one prominent British gambling site said that he would rather not comment on the whole issue.

Dan Ilett of ZDNet UK reported from London.

7 comments

Extortion
ANY ONE THAT IS CAUGHT DOING ANYTHING WRONG LIKE EXTORTION OR TRYING TO GET ANYONE'S INFORMATION TO USE AND TAKE THEIR IDENTITY AND MONEY OR ANYTHING WRONG, NO MATTER WHAT, IF IT'S WRONG THEY SHOULD BE PUNISHED, AND I MEAN PUT IN JAIL FOR YEARS. THEY DESERVE IT FOR DOING WRONG. THAT'S HOW I FEEL. THANKS
Posted by teakilla (9 comments )
Online Extortion...the new epidemic
The day has finally come when attacks are simple enough to launch and easy enough to create that online extortion and cybercrime have become a real threat.

I invite you to learn more about what you can do to combat this threat at:
http://www.webscreen-technology.com
Posted by (1 comment )
A mirror of the real world
Any 'new' environment is open to extortion. It's all part of the coming of age prior to regulation, control and policing eventually putting a stop to it along with the freedom of access and innovation.

Extortion is wrong and my business operates within the highly targeted market of online gaming so I am completely opposed to what goes on, however the Internet is just like Russia, Iraq and Afghanistan; create a free world where people can do what they like and a minority will abuse the opportunity for financial gain. Kidnapping is easy money in the aforementioned countries just like a denial of service attack on the Internet (but to date without the deadly consequences).

The trick is going to be policing the Internet without turning it into a dictatorship.
Posted by intellibloke (3 comments )
Oh, my mistake.
I thought this was another article about Microsoft
demanding money from non-XP users in order for these
Windows users to get current and future security updates.
Posted by (55 comments )
Yea, it's morons like these . . .
. . . that rely on Microsoft products to run a business. Worse still,
is all the dolts who run Microsoft products from home, just
waiting for someone to take their machines (Windows = lowest
cost of ownership!).

BTW, thugs are always bad, but just guess who's the biggest
player in the world extortion market? If you said the U.S.
government, give yourself a pat on the back.

Also, why in God's name would someone pay extortion to some
thug? If it happened to me, I'd call the cops right away. Yes, I
know the cops wouldn't do much unless I were a BIG player, but
it kind of re-affirms my belief that in the U.S. we're not all equal
under the law.

What we need are free markets, where the rights (life, liberty,
property) of each individual is equally protected by law. Wait,
wasn't that what the U.S. constitution was supposed to
guarantee? I don't care who's being targeted (drug dealer, or
monk), each of us has the right to be protected from the mob.
An attack against one is an attack against us all.
Posted by rbannon (92 comments )
this problem is easy to solve
The solution to this problem is obvious. People should launch MORE DDoS attacks. If a gambling website is paying extortion money to hacker A, their payoff is useless if hackers B, C, and D decide to launch their own attacks. What is a person to do, pay off every hacker in the world?

The more extortioners, the less money is available for each individual extortioner, and the less profitable the effort becomes. Eventually, it simply won't be worth anyone's time to extort this way.

The *REAL* problem is bad security measures on personal computers. The source of this problem, quite likely, is that we don't really have a choice in terms of personal operating systems. People are pretty much forced to use Microsoft Windows.

Perhaps SP2 for XP will solve this problem, perhaps not. If it doesn't, consumers need to educate themselves and make wise choices. If that doesn't happen, no amount of regulation or law enforcement will be effective, either re: hackers, or re: software monopolies.
Posted by (2 comments )
Online extortion
Tale of another extortionist: http://www.thekaramazovgroup.com
Posted by el33tpenguin (1 comment )
 
