Global Extortion: Online Gambling and Organized Hacking
Mar 23, 2004 6:30 AM PT
A new trend in extorting money from sports and gambling Web sites isn't going away as security experts had predicted. Online gambling Web sites began receiving e-mail threats in October of last year. The messages contained demands for money to prevent distributed denial-of-service (DDoS) attacks that would shut down the targeted Web site.
Internet security experts urged caution. They theorized that the threats would reach a peak with the Super Bowl game and then fade away. They didn't. Instead, this new twist on the traditional extortion racket is spreading to financial and other gambling Web sites on both sides of the Atlantic Ocean.
Some security experts privately suggested to TechNewsWorld that large crime syndicates are behind the attacks on sports and gaming Web sites. They said the ability to carry out e-mail attacks on Web site operators who refused to pay protection money shows the involvement of organized crime with hackers and virus writers.
It could be the first clear indication, they warned, that criminals are activating the legions of compromised computers infected with the SoBig and MyDoom viruses and worms that open back-door access to hackers.
Crime Gangs Branching Out
Internet security experts say there is little doubt about the involvement of international crime gangs in these e-mailed threats. Thomas Patterson, a former regional partner overseeing EMEA for Deloitte & Touche Security Services Group, said it takes criminals with money to assemble the machinery to orchestrate the e-mail attacks.
"Organized crime has always been about money, and there is definitely money at the end of a hostile or fraudulent Internet attack," he said. "Some of these larger-scale scams do cost some money to put together. They are likely to be based in countries that do not yet have sophisticated computer security and a legal system that jails perpetrators."
The British Internet security firm mi2g Intelligence Unit -- in a written statement earlier this month -- said there is a correlation between organized crime and hacking attacks that are both politically and ideologically motivated. Attacks and physical militant activity against government targets and large global businesses are increasing with every passing month, according to the mi2g Intelligence Unit's written report.
Transnational Crime Syndicates
The British security firm said the culprits include transnational criminal syndicates that are increasingly involved in human trafficking, trade in narcotics, contraband, counterfeit goods, digital entertainment, child pornography and software piracy.
The same crime groups, according to the report, have added activities that focus on large-scale financial fraud, online phishing scams, spam campaigns, hacker attacks and malicious code production.
"The criminals aren't necessarily the Mafia; some Mid-Eastern and Asian crime gangs are looking to the Internet to use the same old extortion threats. It's the same old story; just a new place to play," said Patterson.
"Some of these activities were figured out by kids and are now being done by criminal ventures. It's happening because the Internet is unregulated and using it [to extort money] is easier than kidnapping a company official," he said.
Pay Now or Pay Later
The news media was filled with extortion stories prior to Super Bowl weekend. Those reports told of online sports betting Web sites being hit by sustained DDoS attacks. Those attacks, leveled against betting parlors that refused to pay, kept the targeted Web sites offline -- and thus out of business -- for weeks.
The e-mail threats invited the recipients to pay the protection money or face tens of thousands of dollars in lost wagers and customers when the attackers shut down the Web sites. Some Web site owners said instructions told them to wire US$40,000 or pay the bigger price the attack would cause.
Paul Lawrence, general manager for European Operations at Top Layer Networks, said Web site operators are starting to understand that they need more sophisticated hardware solutions to protect themselves from this new level of Internet extortion hacking. He said firewalls are fine to a point, but now sites need higher levels of protection.
Some victims pay the extortion price and then check into hardware solutions, said Lawrence. "New technology can block these DDoS attacks and solve the problem. We are seeing a brute-force attack that is repulsed, tried again and then stopped. After a few repeat attacks, the attackers move on to other unprotected Web sites," he noted.
Money Trails Lead Nowhere
The mi2g Intelligence Unit estimates that $200 billion is channeled through untraceable man-to-man financial networks. One such banking network is Hawala banking. It is controlled through bankers in Pakistan, United Arab Emirates, Egypt and Switzerland. It is active in more than 150 countries.
"We had thought that the Super Bowl would be the peak, but now we are seeing activity in Europe on high-profile sporting sites," Lawrence told TechNewsWorld.
It is obvious that some of the targeted victims decided to pay the protection demands, said Lawrence. The amount demanded is not so large that a victim is reluctant to pay.
"At first it was forced on gaming Web sites. But now we have seen hits on financial Web sites in Europe," he told TechNewsWorld.
Lawrence said following the money trail after the extortion victim pays is futile. "Law enforcement authorities have tracked the money. It's just like the guy dealing drugs. Following the money trail is not getting to the organizational leaders," he explained.
ID Theft a Related Scheme
Patterson, who has written a soon-to-be-released book on Internet security issues, titled Mapping Security, said a technique known as black-holing makes victims of users who access targeted financial and gaming Web sites.
The criminals fostering the black-holing scam hijack a victim Web site, such as a bank or a gambling site. Everyone from a particular country who tries to link to the hijacked Web site is surreptitiously redirected to an identical-looking site run by the thieves. They let visitors log in and collect their user IDs and passwords. Then they pass the visitors straight through to the real location.
Patterson said it does not matter what defenses the Web site has put in place internally. It is still at risk.
"With black-holing, the thieves are exploiting a weakness in the DNS, which is at the core of the Internet itself. Many of these black-hole attacks have been traced to countries without a strong computer crime legal infrastructure, like some Latin American countries, CIS and China," he told TechNewsWorld.
This is the purview of organized crime. Patterson said they will hit companies that are weak online and where there is financial gain to be had either by stealing something -- like credit card numbers or identity info -- or by holding the site hostage with a DDoS attack. Sometimes, even a simple threat is enough to make the scam work.
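A defender-side check for the country-specific redirection described above, as an added example that is not part of the original article: it compares the A records that resolvers in each country return for a site against the operator's own address ranges and reports the countries where most resolvers return something else. The resolver labels, country codes, addresses (documentation prefixes) and the 50 percent threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: address ranges the site operator actually serves from.
LEGITIMATE_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                   ipaddress.ip_network("198.51.100.0/25")]

# Constructed observations: (vantage-point country, resolver label, A records returned).
OBSERVATIONS = [
    ("US", "resolver-a", ["192.0.2.10"]),
    ("US", "resolver-b", ["198.51.100.7", "192.0.2.10"]),
    ("GB", "resolver-c", ["192.0.2.10"]),
    ("XX", "resolver-d", ["203.0.113.66"]),
    ("XX", "resolver-e", ["203.0.113.66"]),
    ("XX", "resolver-f", ["192.0.2.10", "203.0.113.66"]),
    ("DE", "resolver-g", ["192.0.2.10"]),
    ("DE", "resolver-h", ["not-an-ip"]),
]

def is_legitimate(addr_text, nets=LEGITIMATE_NETS):
    """True only if addr_text parses as an IP inside one of the operator's ranges."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False  # a malformed answer counts as suspicious, it is not skipped
    return any(addr in net for net in nets)

def redirected_countries(observations, threshold=0.5):
    """Map country -> unexpected addresses, for countries where the share of
    resolvers returning an unexpected (or empty) answer exceeds threshold."""
    total = defaultdict(int)
    bad = defaultdict(int)
    unexpected = defaultdict(set)
    for country, _resolver, answers in observations:
        total[country] += 1
        rogue = [a for a in answers if not is_legitimate(a)]
        if rogue or not answers:
            bad[country] += 1
            unexpected[country].update(rogue)
    return {c: sorted(unexpected[c]) for c in total
            if bad[c] / total[c] > threshold}

if __name__ == "__main__":
    for country, addrs in redirected_countries(OBSERVATIONS).items():
        print(f"{country}: resolvers return unexpected addresses {addrs}")
```

The check has to run from vantage points outside the site's own network, since the redirection is invisible from inside it.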
Not a Hopeless Cause
Web site operators are not yet responding with fear or panic. Top Layer's Lawrence said there is general concern across the industry as a whole.
Security experts hope continued cooperation among international agencies will keep Internet criminals at bay.
"As for cooperation on the good-guy side, countries can and do work together within the G7 framework, Interpol and a series of less formal but very important multilateral agreements," said Patterson.