DDoS protection racket targets online bookies

Extortionate demands

Organised criminals are using distributed denial of service (DDoS) attacks to force online bookmakers into protection rackets, a British security consultancy claims.

Information Risk Management says it is aware of DDoS extortion attempts against three, unnamed, online bookies. According to Neil Barrett, technical director, this is the "online equivalent of heavies coming around to a shop and making veiled threats about how easy stock could burn before demanding 'insurance' money".

Victims are subjected first to a network-based denial of service attack, which can render their site unavailable for a time. When this eases, they are approached by an "Internet security consultancy" which promises that attacks can be stopped, in return for a monthly payment.

Requests for payment from the criminals involved appeared to go through Russia, though the provenance of the gang, or gangs, is uncertain. Firms who experience such extortion threats should contact the police, Barrett advises.

The DDoS protection scam is another example of criminals re-inventing favourite scams for the Internet.

In March the FBI warned that Eastern European crackers had spent a year systematically exploiting known NT vulnerabilities to raid online banking and ecommerce systems.

More than 40 companies were subject to attacks and more than a million credit cards were thought to have been stolen, provoking the FBI to take the highly unusual step of providing details of an ongoing investigation in the hopes of limiting further damage. ®

Related stories

Russian Mafia uses NT flaws to raid Internet banks
Police urge business to report hi-tech crimes
European police ill-equipped to tackle cybercrime
IIS über-patch claims to wipe out all old Web server flaws
Amazon, despite denials, was warned about hack
Hackers, Windows NT and the FBI

Sponsored: 10 ways wire data helps conquer IT complexity