Imagine running a successful website and getting an email demanding that you pay $500.00 so that your site will remain in operation. The SANS (SysAdmin, Audit, Network, Security) Institute reports that six or seven thousand organizations are paying online extortion demands (see ZDNet).
One online gaming site reported getting a demand for $40,000; they didn't pay. The next day their site crashed hard as a result of a denial of service attack. The online extortion racket is a growing industry. Just when we've about had it with spam, viruses, spyware and adware, along comes an online goon demanding protection fees to allow our site to continue operation.
Could it happen to your online business? Yes, and worse yet, your own home computer could be one of the resources that the goons use to shut down your website. The goons control thousands of Zombie computers infected with viruses that can be activated to target specific websites (and you thought it was just Microsoft that was the target). You don't pay up and the goons fire up a couple of thousand or a hundred thousand Zombies to attack your website.
If you're a US-based company and get hit with one of these demands, don't hesitate: report it to the FBI immediately. Non-US businesses should seek out the resources available in their own country. Don't bow down to the goons.
What a travesty! You know if these creative goons started putting their talents to good use, they might even succeed. As if we don't have enough concerns with the viruses and trojans and all the other nonsense.
Online extortion - what will they think of next?
A few years back Steve Gibson was telling us of a DDOS attack on his servers done by the script kiddies (an 11-year-old in Wisconsin) and I was wondering how long it would be before it went from cyber-vandalism to cyber-extortion.
In the years prior to Windows 2000 the law enforcement community had a reasonable chance of catching these criminals but Microsoft in its wisdom released WinXP with RAW Sockets, which were open by default. This allowed these scripters to attack site servers with anonymity for as you know these sockets have no ID trace-ability.
This situation was brought to Microsoft’s attention but they turned a deaf ear to the problems they were creating.
This Raw Socket access has allowed the malicious hacker the opportunity to hack into anyone’s computer that is running XP without detection (unless you are running a firewall and at least a couple of good Anti-Virus programs and still that is no guarantee) and use them as zombies in a DDOS attack. Due to the security issues with Microsoft’s products it is more vulnerable to these attacks than OSs such as Unix or Linux which also have RAW Sockets but because of the security in these OSs they are harder to access. Also the fact that in Unix and Linux these sockets are off by default and must be turned on.
So once again we have Microsoft to thank for supporting our local criminals. As McDonald's is known for its support of youth around the world so Microsoft can now be known for its support of these kiddy vandals helping them grow into full-fledged cyber criminals. Thank you Microsoft for your efforts to build programs that allow for the furtherment of the aspirations among our youth. By the way the youth in Wisconsin had his computer removed and by court instruction was not supposed to have access to one till he turned 18 but with the opening of raw sockets by Microsoft, at 13 he no doubt has found his sentence commuted for unless someone tells on him who will be able to find out if he is at it again.
At least that is the way I see it.
Jimm (GrayWolf)