Security experts are praising the international bust of a Russian Internet extortion ring, but they also warn that cyber strong-arm schemes — which use viruses, worms, trojans and the threat of denial of service (DoS) attacks — are increasing and spreading to different targets, including e-commerce and financial transaction sites.
The UK’s National Hi-Tech Crime Unit (NHTCU) and authorities in Russia announced this week that they had arrested three key members of a Russian gang who allegedly were involved in extortion and money-laundering using the Internet. The gang allegedly bombarded UK gambling sites with message packets in DoS attacks, then e-mailed demands for money to cease the attacks for a year, after which they would resume.
Gartner research Vice President Richard Stiennon, who pointed to such a scheme as responsible for the amount of variant viruses in the so-called “worm war” last spring, said the arrests are likely to deter the extortion activity, which has already spread to credit card and other payment-processing sites.
“This is the best news we’ve seen in security for a long, long time,” Stiennon told TechNewsWorld. “It won’t take many crackdowns [to have an effect]. In the past, crackdowns like this have really affected what people do. We could see a slowing of viruses and worms as a direct result of this.”
Global Protection Racket
UK and Russian authorities said the suspects — arrested in raids in St. Petersburg, and the Saratov and Stavropol regions of southwest Russia — ran a global protection racket netting hundreds of thousands of dollars from online gaming sites beginning in October 2003.
Online bookies in the UK have been subject to the attacks since then, but UK and Russian authorities had also been working together to track down and arrest the three alleged gang members, ages 21 to 24.
As part of an investigation involving authorities in the UK, Russia, the Central Asian republics and the Baltic states, 10 members of the group were arrested last November in Latvia. Those arrests helped officials track the financial trail that led to the “gangsters,” the NHTCU said in a statement.
“Thanks to the response of all the parties involved, we have helped to dismantle a determined group of organized criminals,” detective chief superintendent Len Hynds, who heads the NHTCU, said. “The clear message we are sending is that if you attack firms based in the UK, we will find you and stop you,” he said.
Worms Make for Crime
Stiennon said while it did not account for all of the Bagle, Netsky, MyDoom and other virus variants that were bantered about the Internet during the weeks of the “worm war” earlier this year, the heavy virus activity was a part of the extortion scheme busted this week.
“The worm writers this time around are really cyber criminals in Russia,” Stiennon told TechNewsWorld last March. “They’re using [the worms] to recruit bots [compromised computers] to launch denial-of-service attacks, mostly against online gaming sites, after failing to extort large payments from the sites.”
Stiennon this week said similar attack-extortion efforts are likely to continue, but he was encouraged to see the cooperation of UK, Russian and other officials.
“There’s obviously going to be copycats because there’s real profit motive there, but if Russia gets serious about cracking down, it’ll move,” Stiennon said.
Soft Targets Hit Hard
Ken Dunham, director of malicious code intelligence for iDefense, told TechNewsWorld the number of cyber extortion cases is on the rise, with companies that depend on big events, such as the Superbowl or horse racing, being attacked during key business opportunities.
Dunham, who was preparing a report on the subject of online extortion scams, said an increasing number of sites are pressured to pay US$10,000 to $50,000 per attack, $100 per day, or other amounts to avoid site outage. At the same time, “hackers for hire” that offer to hit sites for certain amounts of time, and “bot or zombie armies” — tens of thousands of compromised computers used for DoS attacks — that are available for rental by attackers, are also increasing.
“The big problem is the increasing number of broadband, high-speed connections that are getting Trojans and are used for dedicated denial of service attacks makes it easy to get zombies together,” Dunham said. “There’s money to be made and you also have an upstream commoditization of hackers for hire.”
Dunham added that while there is little companies can do to stop DoS attacks, they open themselves up to more extortion by paying to stop them.
“If you pay, you get hit up for a whole lot more real quick,” Dunham said.