Security experts are praising the international bust of a Russian Internet extortion ring, but they also warn that cyber strong-arm schemes -- which use viruses, worms, trojans and the threat of denial of service (DoS) attacks -- are increasing and spreading to different targets, including e-commerce and financial transaction sites.
The UK's National Hi-Tech Crime Unit (NHTCU) and authorities in
Russia announced this week that they had arrested three key members of a Russian gang who allegedly were involved in extortion and money-laundering using the Internet. The gang allegedly bombarded UK gambling sites with message packets in DoS
attacks, then e-mailed demands for money to cease the attacks for a year, after which
they would resume.
Gartner (NYSE: IT) research Vice President Richard Stiennon, who pointed to such
a scheme as responsible for the number of virus variants in the so-called
"worm war" last spring, said the arrests are likely to deter the
extortion activity, which has already spread to credit card and other payment-processing sites.
"This is the best news we've seen in security for a long, long time,"
Stiennon told TechNewsWorld. "It won't take many crackdowns [to have an
effect]. In the past, crackdowns like this have really affected what
people do. We could see a slowing of viruses and worms as a direct result of
this."
Global Protection Racket
UK and Russian authorities said the suspects -- arrested in raids
in St. Petersburg, and the Saratov and Stavropol regions of southwest
Russia -- ran a global protection racket netting hundreds of thousands of dollars
from online gaming sites beginning in October 2003.
Online bookies in the UK have been subject to the attacks since then,
but UK and Russian authorities had also been working together to track down
and arrest the three alleged gang members, ages 21 to 24.
As part of an investigation involving authorities in the UK, Russia,
the Central Asian republics and the Baltic states, 10 members of the group
were arrested last November in Latvia. Those arrests helped
officials track the financial trail that led to the "gangsters," the NHTCU said in
a statement.
"Thanks to the response of all the parties involved, we have helped
to dismantle a determined group of organized criminals," detective
chief superintendent Len Hynds, who heads the NHTCU, said. "The clear message we are sending is that if you attack firms based in the UK, we will find you
and stop you," he said.
Worms Make for Crime
Stiennon said that while it did not account for all of the Bagle, Netsky,
MyDoom and other virus variants that were bandied about the Internet
during the weeks of the "worm war" earlier this year, the heavy virus activity
was a part of the extortion scheme busted this week.
"The worm writers this time around are really cyber criminals in
Russia," Stiennon told TechNewsWorld last March. "They're using [the worms] to
recruit bots [compromised computers] to launch denial-of-service
attacks, mostly against online gaming sites, after failing to extort large
payments from the sites."
Stiennon this week said similar attack-extortion efforts are likely
to continue, but he was encouraged to see the cooperation of UK, Russian
and other officials.
"There's obviously going to be copycats because there's real profit
motive there, but if Russia gets serious about cracking down, it'll
move," Stiennon said.
Soft Targets Hit Hard
Ken Dunham, director of malicious code intelligence for iDefense,
told TechNewsWorld the number of cyber extortion cases is on the rise, with
companies that depend on big events, such as the Super Bowl or horse
racing, being attacked during key business opportunities.
Dunham, who was preparing a report on the subject of online extortion
scams, said an increasing number of sites are pressured to pay US$10,000
to $50,000 per attack, $100 per day, or other amounts to avoid site outage.
At the same time, "hackers for hire" who offer to hit sites for certain
amounts of time, and "bot or zombie armies" -- tens of thousands of
compromised computers used for DoS attacks -- that are available for
rental by attackers, are also increasing.
"The big problem is the increasing number of broadband, high-speed
connections that are getting Trojans and are used for dedicated denial
of service attacks makes it easy to get zombies together," Dunham said.
"There's money to be made and you also have an upstream commoditization
of hackers for hire."
Dunham added that while there is little companies can do to stop DoS
attacks, they open themselves up to more extortion by paying to stop
them.
"If you pay, you get hit up for a whole lot more real quick," Dunham
said.