Feeds

Casino DDoS duo caged for five years after blackmail buyout threat

Polish crims demanded 50% of gambling biz, on pain of firm-killing cyber attacks

3 Big data security analytics techniques

A pair of cyber-extortionists who attempted to blackmail a Manchester-based online casino with threats of unleashing a debilitating denial of service attack have been jailed for five years and four months.

Piotr Smirnow, 31, of Tawerny, Warsaw, Poland, and Patryk Surmacki, 35, of Szezecin, Poland, pleaded guilty at Manchester Crown Court to two offences each of blackmail and one offence of computer hacking: unauthorised acts on computers contrary to the Computer Misuse Act 1990.

Both men were sentenced on Wednesday to five years and four months in prison following a complex investigation that climaxed in a successful sting at a plush Heathrow Airport hotel.

The case centred on two victims, one of which owns a Manchester-based online casino business and the other a USA-based chief exec of an internet software platform that hosted a multitude of on-line companies.

Smirnow and Surmacki, programmers who worked in the online gaming business and knew their target through their professional interactions approached him with a "business proposition". The offer of a meeting was initially decided before the two meet their intended victim and demanded half the stake in his £30m online business under the threat of using a Kiev, Ukraine-based hacker to "take down" the online casino's servers, effectively preventing it from trading, unless their demands were met.

When the "offer" was rebuffed an online assault was launched in early August for around five hours, costing the casino an estimated $15,000 in the process. After this the owner of the business who provided the platform for the online casino site and other firm offered to mediate, and spoke with the hackers via Skype before agreeing to a meeting at Heathrow.

This third-party (whose business suffered collateral damage from the initial attack) contacted police who set up a sting operation that captured the cybercrooks' admission of organising the original denial of service attacks and related threats. "The pair claimed they’d shown their power and it wouldn’t stop until the internet source codes for his business were handed over," a police statement on the case explains. "The CEO refused to provide them so they both became annoyed and said they were now ‘going to war’."

The duo were arrested by police who had captured the whole exchange on video as soon as the meeting broke up.

A Greater Manchester Police statement on the case, including extensive quotes from investors and other relevant parties along with a video clip from the sting - can be found here. GMP was assisted by the National Crime Agency and the Crown Prosecution Service throughout the operation.

Detective Inspector Chris Mossop, of the Serious Crime Division, said Smirnow and Surmacki's "greed was ultimately their downfall as they failed to reckon with the victims’ bravery in the face of extreme intimidation". “This was a very complex, dynamic investigation that centred on an emerging global cyber-threat. Denial of service attacks have become increasingly common offences in recent years and can have a devastating effect on the victim’s on-line business," he added.

The Manchester victim welcomed the decision of the court to sentence Smirnow and Surmacki to a lengthy jail terms. “I am grateful for the assistance to me provided by the police in this matter," he said. "This case made me fear for my personal safety as well as for the future of my business, which is why I felt compelled to take action against the perpetrators of this crime. No one should have to succumb to blackmail and this sentence should act as a warning to those involved in cyber-extortion that the police and the courts will view this type of conduct very seriously.”

More on the case can be found in stories by Sky News (here). ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.