Software // Enterprise Applications
News
9/10/2004
06:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Extortion Online

Technology can help fight the growing cyberextortion threat, but experts say not enough companies are prepared

It's the kind of E-mail that grabs you by the collar and doesn't let go. On a Saturday afternoon last January, a message hit the in-box of BetCBSports.com, threatening to knock the online gambling site offline in prime sports-betting season if the company didn't pay up.

"You have 3 choices. You can make a deal with us now before the attacks start. You can make a deal with us when you are under attack. You can ignore us and plan on losing your Internet business," the E-mail read.

A denial-of-service attack knocked WagerWeb offline for about a day, senior VP and oddsmaker Johnson says.

A denial-of-service attack knocked WagerWeb offline for about a day, senior VP and oddsmaker Dan Johnson says. Photo by Carlos Charpentier/Live Images

Photo by Carlos Charpentier/Live Images
It was no bluff. Within three hours, the site was taken down by what's known as a distributed denial- of-service attack. The first attack lasted five minutes and then ceased. "They were showing us what they could do," says Thomas Burns, who runs the business-technology systems for what's now known as WagerWeb.com, operated by CasaBlanca Gaming.

Such threats happen more often than most people realize. A survey by Carnegie Mellon University's H. John Heinz III School of Public Policy, in conjunction with InformationWeek's Summer Research Fellowship, found extortion attacks are surprisingly common: 17% of the 100 companies surveyed say they've been the target of some form of cyberextortion. The study, authored by graduate student Gregory M. Bednarski, queried small and midsize businesses about cyberextortion and other types of computer fraud.

The findings come as no surprise to FBI special agent Thomas Grasso, who helped with the study. "The majority of the cybercrimes we investigate involve some type of monetary motivation," Grasso says. "This business of people going out and compromising sites just to prove how much they know is a myth."

WagerWeb was knocked offline for about a day, says Dan Johnson, senior VP and senior oddsmaker at the site. Rather than pay off the attackers, the company called on its technical forces to build a defense and enlisted the help of Internet security-services provider Prolexic Technologies Inc. The vendor's services, at about $100,000 a year, aren't cheap. But, "I'd rather pay the $100,000 than pay the extortionists," Johnson says. The gamble paid off. "As soon as we got the service running, the attack stopped," technology manager Burns says.

Cyberextortion mostly travels under the radar, but not always. Earlier this year, Myron Tereshchuk, 42, of Maryland, pleaded guilty to one count of attempting to extort $17 million from intellectual-property company MicroPatent LLC. He faces up to 20 years in jail. Tereshchuk threatened to leak confidential information and launch denial-of-service attacks against intellectual-property attorneys worldwide if he wasn't paid.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.