E-commerce Targeted By Blackmailers

[bongme]

hi

Russia has high net access and low regulation

Wednesday, 26 November, 2003

Law enforcement agencies are investigating an increasing number of reports of organised criminal gangs carrying out denial-of-service (DDos) attacks - with the specific intention of blackmailing companies.

A DDos attack, of the kind that brought down the WorldPay system earlier this month, floods a website with computer-generated requests.

Now, some organised criminals are using the threat of inflicting such an attack, which can cost vast amounts of money to the company, as a means of extortion.

"Criminal syndicates operating from Russia have targeted large online payment systems belong to gambling sites," DK Matai of MI2G, which monitors unauthorised computer hacking, told BBC World Service's Analysis programme.

"In some cases the criminal syndicates have made subsequent phone calls and said, 'look, you have to pay us $40,000 or $50,000 before we will stop mounting these DDos attacks. If you don't pay us, then be ready for another day of disruption for your customers'."

"Some companies, because they are making more than $50,000 per week, have agreed to pay that money."

Cashing in

DDos attacks work by flooding a website with malicious traffic, causing it to slow down.

When this happens, customers become frustrated with waiting and go elsewhere.

Some DDos attacks even cause a site to crash completely, costing a site potentially hundreds of thousands of dollars in lost revenue.

MI2G estimate that the damage to the global economy in terms of both denial of service and productivity losses reached over $10bn in October alone.

The company works closely with the FBI in the US and Britain's Hi-Teach National Crime Unit.

It has identified Russia - along with other emerging middle-income nations such as India, China and Brazil - as the country where many of the criminal hackers appear to be based.

"It is pretty obvious to me that the scale of this activity in Russia is quite serious, because we keep hearing about computer crime happening every day, included extortion of computer companies," Anton Nosic, who runs Russia's biggest internet news agency, told Analysis.

"In Russia, the anonymity of people living here is overwhelming, because no databases of population are computerised.

"People are not tracked by any authority. Anonymity in internet usage is dirt cheap.

"You can buy an internet card and use it at any number, or you can come into an internet cafe - there are hundreds in Moscow - and start anonymously doing absolutely anything," he said.

Cyber victims

In these countries, cyber criminals are able to take advantage of a rapidly-expanding internet base, high levels of computer expertise, but few effective controls.

"Russian anti-computer crime laws simply don't work," Mr Nosic added.

"Therefore it's as good as legal in Russia to participate in such attacks.

"Even if our law enforcement authorities are aware of many such attacks, they cannot start acting without an explicit request from the victim."

But since businesses themselves are unwilling to admit they are being targeted, this request does not come very often.

Instead, companies order the creation of software that can look for weak spots in their protection and make them secure, so that only legitimate traffic can get to the site.

But the fact that the starting rate for this development is $50,000 shows the extent of the damage that one DDos attack can cause.

Bongme