Extortion Online - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Extortion Online

Technology can help fight the growing cyberextortion threat, but experts say not enough companies are prepared

It's the kind of E-mail that grabs you by the collar and doesn't let go. On a Saturday afternoon last January, a message hit the in-box of BetCBSports.com, threatening to knock the online gambling site offline in prime sports-betting season if the company didn't pay up.

"You have 3 choices. You can make a deal with us now before the attacks start. You can make a deal with us when you are under attack. You can ignore us and plan on losing your Internet business," the E-mail read.

A denial-of-service attack knocked WagerWeb offline for about a day, senior VP and oddsmaker Johnson says.

A denial-of-service attack knocked WagerWeb offline for about a day, senior VP and oddsmaker Dan Johnson says. Photo by Carlos Charpentier/Live Images

Photo by Carlos Charpentier/Live Images
It was no bluff. Within three hours, the site was taken down by what's known as a distributed denial- of-service attack. The first attack lasted five minutes and then ceased. "They were showing us what they could do," says Thomas Burns, who runs the business-technology systems for what's now known as WagerWeb.com, operated by CasaBlanca Gaming.

Such threats happen more often than most people realize. A survey by Carnegie Mellon University's H. John Heinz III School of Public Policy, in conjunction with InformationWeek's Summer Research Fellowship, found extortion attacks are surprisingly common: 17% of the 100 companies surveyed say they've been the target of some form of cyberextortion. The study, authored by graduate student Gregory M. Bednarski, queried small and midsize businesses about cyberextortion and other types of computer fraud.

The findings come as no surprise to FBI special agent Thomas Grasso, who helped with the study. "The majority of the cybercrimes we investigate involve some type of monetary motivation," Grasso says. "This business of people going out and compromising sites just to prove how much they know is a myth."

WagerWeb was knocked offline for about a day, says Dan Johnson, senior VP and senior oddsmaker at the site. Rather than pay off the attackers, the company called on its technical forces to build a defense and enlisted the help of Internet security-services provider Prolexic Technologies Inc. The vendor's services, at about $100,000 a year, aren't cheap. But, "I'd rather pay the $100,000 than pay the extortionists," Johnson says. The gamble paid off. "As soon as we got the service running, the attack stopped," technology manager Burns says.

Cyberextortion mostly travels under the radar, but not always. Earlier this year, Myron Tereshchuk, 42, of Maryland, pleaded guilty to one count of attempting to extort $17 million from intellectual-property company MicroPatent LLC. He faces up to 20 years in jail. Tereshchuk threatened to leak confidential information and launch denial-of-service attacks against intellectual-property attorneys worldwide if he wasn't paid.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll