Technology can help fight the growing cyberextortion threat, but experts say not enough companies are prepared
It's the kind of E-mail that grabs you by the collar and doesn't let go. On a Saturday afternoon last January, a message hit the in-box of BetCBSports.com, threatening to knock the online gambling site offline in prime sports-betting season if the company didn't pay up.
"You have 3 choices. You can make a deal with us now before the attacks start. You can make a deal with us when you are under attack. You can ignore us and plan on losing your Internet business," the E-mail read.
A denial-of-service attack knocked WagerWeb offline for about a day, senior VP and oddsmaker Dan Johnson says. Photo by Carlos Charpentier/Live Images
Photo by Carlos Charpentier/Live Images
It was no bluff. Within three hours, the site was taken down by what's known as a distributed denial- of-service attack. The first attack lasted five minutes and then ceased. "They were showing us what they could do," says Thomas Burns, who runs the business-technology systems for what's now known as WagerWeb.com, operated by CasaBlanca Gaming.
Such threats happen more often than most people realize. A survey by Carnegie Mellon University's H. John Heinz III School of Public Policy, in conjunction with InformationWeek's Summer Research Fellowship, found extortion attacks are surprisingly common: 17% of the 100 companies surveyed say they've been the target of some form of cyberextortion. The study, authored by graduate student Gregory M. Bednarski, queried small and midsize businesses about cyberextortion and other types of computer fraud.
The findings come as no surprise to FBI special agent Thomas Grasso, who helped with the study. "The majority of the cybercrimes we investigate involve some type of monetary motivation," Grasso says. "This business of people going out and compromising sites just to prove how much they know is a myth."
WagerWeb was knocked offline for about a day, says Dan Johnson, senior VP and senior oddsmaker at the site. Rather than pay off the attackers, the company called on its technical forces to build a defense and enlisted the help of Internet security-services provider Prolexic Technologies Inc. The vendor's services, at about $100,000 a year, aren't cheap. But, "I'd rather pay the $100,000 than pay the extortionists," Johnson says. The gamble paid off. "As soon as we got the service running, the attack stopped," technology manager Burns says.
Cyberextortion mostly travels under the radar, but not always. Earlier this year, Myron Tereshchuk, 42, of Maryland, pleaded guilty to one count of attempting to extort $17 million from intellectual-property company MicroPatent LLC. He faces up to 20 years in jail. Tereshchuk threatened to leak confidential information and launch denial-of-service attacks against intellectual-property attorneys worldwide if he wasn't paid.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.