Casino DDoS duo caged for five years after blackmail buyout threat
Polish crims demanded 50% of gambling biz, on pain of firm-killing cyber attacks
A pair of cyber-extortionists who attempted to blackmail a Manchester-based online casino with threats of unleashing a debilitating denial of service attack have been jailed for five years and four months.
Piotr Smirnow, 31, of Tawerny, Warsaw, Poland, and Patryk Surmacki, 35, of Szezecin, Poland, pleaded guilty at Manchester Crown Court to two offences each of blackmail and one offence of computer hacking: unauthorised acts on computers contrary to the Computer Misuse Act 1990.
Both men were sentenced on Wednesday to five years and four months in prison following a complex investigation that climaxed in a successful sting at a plush Heathrow Airport hotel.
The case centred on two victims, one of which owns a Manchester-based online casino business and the other a USA-based chief exec of an internet software platform that hosted a multitude of on-line companies.
Smirnow and Surmacki, programmers who worked in the online gaming business and knew their target through their professional interactions approached him with a "business proposition". The offer of a meeting was initially decided before the two meet their intended victim and demanded half the stake in his £30m online business under the threat of using a Kiev, Ukraine-based hacker to "take down" the online casino's servers, effectively preventing it from trading, unless their demands were met.
When the "offer" was rebuffed an online assault was launched in early August for around five hours, costing the casino an estimated $15,000 in the process. After this the owner of the business who provided the platform for the online casino site and other firm offered to mediate, and spoke with the hackers via Skype before agreeing to a meeting at Heathrow.
This third-party (whose business suffered collateral damage from the initial attack) contacted police who set up a sting operation that captured the cybercrooks' admission of organising the original denial of service attacks and related threats. "The pair claimed they’d shown their power and it wouldn’t stop until the internet source codes for his business were handed over," a police statement on the case explains. "The CEO refused to provide them so they both became annoyed and said they were now ‘going to war’."
The duo were arrested by police who had captured the whole exchange on video as soon as the meeting broke up.
A Greater Manchester Police statement on the case, including extensive quotes from investors and other relevant parties along with a video clip from the sting - can be found here. GMP was assisted by the National Crime Agency and the Crown Prosecution Service throughout the operation.
Detective Inspector Chris Mossop, of the Serious Crime Division, said Smirnow and Surmacki's "greed was ultimately their downfall as they failed to reckon with the victims’ bravery in the face of extreme intimidation". “This was a very complex, dynamic investigation that centred on an emerging global cyber-threat. Denial of service attacks have become increasingly common offences in recent years and can have a devastating effect on the victim’s on-line business," he added.
The Manchester victim welcomed the decision of the court to sentence Smirnow and Surmacki to a lengthy jail terms. “I am grateful for the assistance to me provided by the police in this matter," he said. "This case made me fear for my personal safety as well as for the future of my business, which is why I felt compelled to take action against the perpetrators of this crime. No one should have to succumb to blackmail and this sentence should act as a warning to those involved in cyber-extortion that the police and the courts will view this type of conduct very seriously.”
More on the case can be found in stories by Sky News (here). ®
Sponsored: Becoming a Pragmatic Security Leader