Feeds

Casino DDoS duo caged for five years after blackmail buyout threat

Polish crims demanded 50% of gambling biz, on pain of firm-killing cyber attacks

Internet Security Threat Report 2014

A pair of cyber-extortionists who attempted to blackmail a Manchester-based online casino with threats of unleashing a debilitating denial of service attack have been jailed for five years and four months.

Piotr Smirnow, 31, of Tawerny, Warsaw, Poland, and Patryk Surmacki, 35, of Szezecin, Poland, pleaded guilty at Manchester Crown Court to two offences each of blackmail and one offence of computer hacking: unauthorised acts on computers contrary to the Computer Misuse Act 1990.

Both men were sentenced on Wednesday to five years and four months in prison following a complex investigation that climaxed in a successful sting at a plush Heathrow Airport hotel.

The case centred on two victims, one of which owns a Manchester-based online casino business and the other a USA-based chief exec of an internet software platform that hosted a multitude of on-line companies.

Smirnow and Surmacki, programmers who worked in the online gaming business and knew their target through their professional interactions approached him with a "business proposition". The offer of a meeting was initially decided before the two meet their intended victim and demanded half the stake in his £30m online business under the threat of using a Kiev, Ukraine-based hacker to "take down" the online casino's servers, effectively preventing it from trading, unless their demands were met.

When the "offer" was rebuffed an online assault was launched in early August for around five hours, costing the casino an estimated $15,000 in the process. After this the owner of the business who provided the platform for the online casino site and other firm offered to mediate, and spoke with the hackers via Skype before agreeing to a meeting at Heathrow.

This third-party (whose business suffered collateral damage from the initial attack) contacted police who set up a sting operation that captured the cybercrooks' admission of organising the original denial of service attacks and related threats. "The pair claimed they’d shown their power and it wouldn’t stop until the internet source codes for his business were handed over," a police statement on the case explains. "The CEO refused to provide them so they both became annoyed and said they were now ‘going to war’."

The duo were arrested by police who had captured the whole exchange on video as soon as the meeting broke up.

A Greater Manchester Police statement on the case, including extensive quotes from investors and other relevant parties along with a video clip from the sting - can be found here. GMP was assisted by the National Crime Agency and the Crown Prosecution Service throughout the operation.

Detective Inspector Chris Mossop, of the Serious Crime Division, said Smirnow and Surmacki's "greed was ultimately their downfall as they failed to reckon with the victims’ bravery in the face of extreme intimidation". “This was a very complex, dynamic investigation that centred on an emerging global cyber-threat. Denial of service attacks have become increasingly common offences in recent years and can have a devastating effect on the victim’s on-line business," he added.

The Manchester victim welcomed the decision of the court to sentence Smirnow and Surmacki to a lengthy jail terms. “I am grateful for the assistance to me provided by the police in this matter," he said. "This case made me fear for my personal safety as well as for the future of my business, which is why I felt compelled to take action against the perpetrators of this crime. No one should have to succumb to blackmail and this sentence should act as a warning to those involved in cyber-extortion that the police and the courts will view this type of conduct very seriously.”

More on the case can be found in stories by Sky News (here). ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.