Friday, November 12, 2004
Online extortion rings are becoming more prevalent and capable of inflicting increasing amounts of damage. Alan Paller, of the SANS institute, a security training organization, calls this new phenomenon an "epidemic."
Card Services International, a Kentucky-based credit-card processing firm, found out the hard way. The firm received an email giving an ultimatum: "You can ignore this email and try to keep your site up, which will cost you tens of thousands of dollars ... or you can send us $10K by Western Union to make sure your site experiences no problem. If you choose not to pay for our help, then you will probably not be in business much longer, as you will be under attack each weekend for the next 20 weeks." Card Services International didn't pay the $10K ransom and, sure enough, it lost a week's worth of income before blocking the attack and prompting an FBI investigation.
Skepticism of such computer "hijackings" exists because the news of such extortion claims often comes from companies specializing in the sales of software designed to protect against such attacks. Nevertheless, some companies that are dependant on their web pages for their income, such as online gambling companies, end up bowing to the threats and making the payoffs, reluctant to take the risk.
To read more about this 21st Century crime, click here.