UGN Security
Posted By: Ice Cyber gangs hold companies to ransom - 11/13/03 02:27 AM
Gangs of cyber-hoods are terrorising businesses with the kind of protection rackets that form the basis of offline organised crimes.


The 'pay up or we'll burn down your bar' approach favoured by organised criminals worldwide has made the move online, with cyber-criminals threatening to destroy companies' online presence if they don't pay them off.

The most common and effective ploy being used by these criminals is the threat of a distributed denial of service attack (DDoS), which can take down a site by bombarding its servers with emails from a network of PCs all breached by a Trojan.

Part of the problem with these kinds of crimes is that it is almost impossible to gauge the full extent of the problem, because many companies would rather pay up and avoid the negative press which their case might attract if they reported it to police - and shareholders.

In the same way companies like to brush hacks and virus outbreaks under the carpet, many would be loathe to publicly admit their systems are vulnerable.

Neil Barrett, technical director at Information Risk Management, who is an advisor to the UK police on high-tech crime, said: "Nobody knows the full extent of this problem. There has certainly been a significant increase in the number of denial of service attacks and the only sensible reason would seem to relate to extortion."

Barrett highlighted the problem of non-disclosure, stating that many companies may opt to comply with "pay up and don't tell the police"-style demands.

He said among the sites targeted previously include internet gambling sites. But in theory any company conducting cash transactions with clients or customers is a target - criminals know many will look upon paying the ransom as the lesser 'evil' compared to running the risk that clients lose faith in the sites security.

As for who is committing these crimes, Barrett is convinced this is not a new breed of criminal.

"It's the same criminals, just with new tricks," he said, stating that previous investigations have implicated the Russian mafia, suggesting organised crime has realised there are rich pickings now to be had online.

"It's up to all of us to guard against this," said Barrett, explaining that the home PC infected with the Trojan which enables the DDoS attack is as important a cog in the criminals' machine as the site which is targeted.

"In the same way the police can't guard every shop on the high street, you can't guard every site on the internet. We all have to be a lot more vigilant."

Source: Sillicon
© UGN Security Forum