Gangs Extort Companies With DDoS Attacks 423

Pcol writes "The Financial Times reports that gangs based in Eastern Europe have been launching attacks on corporate networks costing the companies millions of dollars in lost business and exposing them to blackmail. Sites have been asked to pay up to ensure they are free from Distributed Denial of Service attacks for a year. One detective reported, 'If the demand comes in for $40,000-50,000, compared to the losses they're suffering, there's an attraction for the companies to pay and hope it goes away. But there's nothing to say it will go away.'"
  • by waytoomuchcoffee ( 263275 ) on Wednesday November 12, 2003 @02:27PM (#7455738)
    For /.?
  • Fine. Let them! (Score:5, Insightful)

    by freeze128 ( 544774 ) on Wednesday November 12, 2003 @02:29PM (#7455767)
    The gangs can *TRY* to extort money, but in the long run, it would be cheaper to hire consultants or better administrators. This will have the effect of IMPROVING security worldwide. Thanks European gangs!
    • Companies should be allowed to install horrible software filled with security holes and people should not break into these systems. The corporations own these software packages, and the hacker has no rights. If computer science students think they will get more money by extorting these companies so they pay more for administrators, then that is extortion. When you get down to it, this is no different than a criminal breaking and entering into someone's house, then saying "the owner left his door unlocked, i
      • ...and people should not break into these systems...

        In theory, this makes some sense. In practice, it does not.

        The fact of the matter is that someone will eventually exploit the security hole. I would much rather have it be some computer science students than a criminal. The computer science students will harmlessly inform me of the security hole (or do something resulting in very little damage). The criminal will steal my passwords and credit card numbers and do some serious damage.

        Your argum


      • Not sure if you are trolling. I'll bite.


        These criminals aren't cracking the systems of the people they're squeezing money from. They're performing a denial of service attack from a bunch of other compromised systems and demanding money from their targets. It doesn't matter what software their victims have installed. The criminals are exploiting vulnerabilities of the TCP/IP protocol itself.
    • Hiring consultants or better administrators won't help much. This is not about poor security or a bad setup, but about raw bandwidth and server resources that are being drained because other people's setups were compromised.
      Basically, there's nothing you can do (in a technological fashion) about it. The only thing you can do is hunt them down and sue them, which is not that simple in a global environment.

    • Re:Fine. Let them! (Score:5, Insightful)

      by TheTomcat ( 53158 ) on Wednesday November 12, 2003 @02:41PM (#7455937) Homepage
      What exactly would this consultant / administrative talent DO?

      You have 10,000 zombies firing packets at you, spoofed on random IPs, how do you stop this?

      We had to Akamize our stuff.. and that's extremely pricey (think 2+ salaries).

      S
      • From random IPs?

        If a router were able to know that both the source and destination IP address lay within a given logical area on the network, maybe it should reject packets that come from the source IP, but from outside the area defined by the source and destination. This would require the router to be on the border of that region, however.

        I suppose IPSec does that sort of thing automatically.
    • This will have the effect of IMPROVING security worldwide.

      Perhaps, but it also has the effect of damaging a company's public image and stock price by making them look ineffective or unsafe for consumers' data. That's the only reason protection money is paid to hackers.

      Any CEO with a brain knows that if a business is attacked once, it can be attacked more than once -- but appearing vulnerable to one's customers is just compounding the damage. Better, they reason, to pay off the extortionists and then bee

    • ...to pay the 40 grand to a hitman who will fly to Eastern Europe and put a bullet in the heads of the DDoS gang members. Problem solved for everyone, and permanently.

      Heck, my weekend's free. My suitcase is right here. Anybody got $40,000?

    • Re:Fine. Let them! (Score:3, Interesting)

      by mcpkaaos ( 449561 )
      Wait a tic...

      The extortionists want around $40-50K per year, and you think it'd be cheaper to hire consultant(s) or more/better sysadmins instead?

      Who do you work for, again? I'd like to know where not to ever send my resume.
    • hire consultants or better administrators...

      I say hire some bad ass psycho punk to hunt those h4x0rs down and givem a full load... maybe hit them with old routers, stickem fingers on powersources, or better than all, use those printers that can print on stone and wood to tattoo those fuckers "ive been ddosed" on the forehead!!

      Ok... I'm much more calm now :)

    • Re:Fine. Let them! (Score:5, Informative)

      by Zeinfeld ( 263942 ) on Wednesday November 12, 2003 @03:28PM (#7456477) Homepage
      The gangs can *TRY* to extort money, but in the long run, it would be cheaper to hire consultants or better administrators. This will have the effect of IMPROVING security worldwide. Thanks European gangs!

      Commercial rates for security consultants start at $2,000 per day. People in the middle tier charge as much as $5,000. Big name consultants such as Bruce Schneier can name their price.

      And the fact is that none of us can do diddly against a DDoS attack, except advise you on how to configure bigger pipes and how to get in touch with ISPs quickly to stop the traffic from their networks.

      Occasionally there is a DDoS that has a flawed mode of attack that can be diverted. There have been a couple of attacks against the Whitehouse that were like that. They can divert the attacks because they can get top rank consulting for free in extremis.

      Not paying might be cheaper in the long run, but in the long run we are all dead. The answer is not consultants, it is law enforcement and better infrastructure.

      For example why exactly does anyone need to send a stream of several thousand SYN packets per second from a home computer to the same IP address for several hours at a time? There is simply no reason why a home machine should need to do that, nor should a home machine be sending millions of DNS requests per second to any machine.

      There is a pretty easy fix to DDoS attacks, put intelligence into cable modems and router boxes. Even if there is an option that allows the expert user to turn the checking off the boxes should be shipped in a safe configuration by default and it should not be possible to disable the safety catch without physical access to the modem.

      Congress could encourage ISPs to adopt this type of technology by merely suggesting that ISPs be made liable for attacks mounted from their machines.

      • Until the popular operating systems are locked down sufficiently, we will continue to see zombies. While there are zombies, it is difficult but not impossible to trace who is initiating the attack.

        Rate limiting SYN packets is one answer, but you can DDOS someone just with HTTP GETs if you have enough machine. Just ask a recent /. effect victim.

        The other thing is to just follow the money. This is where the FBI come in. It is *very* difficult now to make a transfer of more than a few thousand dollars thro

  • by Anonymous Coward on Wednesday November 12, 2003 @02:29PM (#7455769)
    So now there's an internet mafia.

    So who's the godfather? I vote Al Gore.
  • protection market (Score:5, Insightful)

    by musikit ( 716987 ) on Wednesday November 12, 2003 @02:29PM (#7455778)
    Funny thing is, with the old mobsters, paying protection money to mob A would stop mob B from doing the same.

    What's to stop another DDoS group from doing the same?

    As the movies teach, never pay the protection money.
    • by Pac ( 9516 )
      In the good old days, the protection package included protection from other gangs. I don't know why the model couldn't be extended to the virtual space - if you DDoS my "clients", I will DDoS you...
    • Re:protection market (Score:5, Interesting)

      by swb ( 14022 ) on Wednesday November 12, 2003 @03:24PM (#7456427)
      There's two kinds of protection:

      One kind is the low-level "Pay me or I wreck shit". In this model, you don't actually get "protection" from anyone else, just the people you paid don't arbitrarily wreck your stuff. If some third party decides to play rough, the people you're paying protection to generally don't care, unless it threatens their protection money (i.e., driving a store owner completely out of business).

      The more sophisticated kind of protection generally involves paying someone so that you can operate without interference. Generally this involves handing over a percentage of the operations as a tithe or tribute (and in fact among the Italian mafia, it is a historical descendant of the practice of conquered peoples paying tributes to Roman officials). In this case, since the payment is generally dependent on the successful completion of whatever the protected activity is, you'd be more likely to get muscle applied in your favor to keep rivals away. But even then there may be extra money associated with hiring muscle, and often it is an artificial ruse used to obtain larger tributes. (In an episode of the Sopranos, Tony uses a black political agitator to get more tribute out of a construction business that is already paying tribute. He then "breaks up" the black's protest and later splits the take with the black's leaders).
  • by canfirman ( 697952 ) <[ac.oohay] [ta] [52ivadp]> on Wednesday November 12, 2003 @02:30PM (#7455785)
    Nah, a new financing model for SCO.
  • Lunch money (Score:3, Funny)

    by landaker ( 141792 ) <wjl@icecavern.net> on Wednesday November 12, 2003 @02:31PM (#7455798)

    One kid reported, 'If the demand comes in for $4-5, compared to the losses they're suffering, there's an attraction for the wimps to pay and hope it goes away. But there's nothing to say it will go away.'

  • when we could just hold kids for ransom?
  • by jpsst34 ( 582349 ) on Wednesday November 12, 2003 @02:32PM (#7455811) Journal
    I bet it's those damn Jets [wired.com]! They're always trying to stick it to the Sharks [ibm.com].
  • by Mysticalfruit ( 533341 ) on Wednesday November 12, 2003 @02:32PM (#7455824) Homepage Journal
    Firstly, I'm surprised it took this long for something like this to happen. Though I suspect it's been happening for a while. Organized crime has always been ready to utilize new technology in the pursuit of money / power.

    Secondly, how is this different from some company installing spyware/nagware that's not uninstallable and then sending you email asking you to pay 20 bucks for a utility that'll "remove" their piece of software?
    • by signe ( 64498 ) on Wednesday November 12, 2003 @02:38PM (#7455901) Homepage
      Secondly, how is this different from some company installing spyware/nagware that's not uninstallable and then sending you email asking you to pay 20 bucks for a utility that'll "remove" their piece of software?

      Easy. Asking for money to not attack someone's servers is extortion. Your example is an "innovative business model".

      -Todd
    • How is this different from some company installing spyware/nagware that's not uninstallable and then sending you email asking you to pay 20 bucks for a utility that'll "remove" their piece of software.
      That's like the Boy Scout spaghetti dinner fundraiser where the spaghetti is free but the Pepto Bismol is $10.
  • What gives? (Score:2, Interesting)

    by Orien ( 720204 )
    I've never understood why operations like this are so hard to track down. If you give them $40,000 that creates a financial paper trail that is traceable! The same thing with spam: if it is illegal spam and they ask you for money, at some point the money has to go somewhere. Why do the feds have such a hard time connecting the dots on cases like this? I'm sure there is something I'm missing, so someone please inform me.
    • Re:What gives? (Score:4, Interesting)

      by The_K4 ( 627653 ) on Wednesday November 12, 2003 @02:46PM (#7456011)
      The issue becomes when it crosses country lines. I recently had trouble with a business in Canada; I live in the US. The US police have the police in whose jurisdiction the company is do the investigation. The Canadians have the police in whose jurisdiction the victim is do the investigation. Neither set of authorities would investigate a clearly illegal act. They both referred me to the FBI who said "Unless it's a terrorist act, we will not even start a report".
    • by jcrb ( 187104 ) <jcrb@yahTOKYOoo.com minus city> on Wednesday November 12, 2003 @02:55PM (#7456101) Homepage
      which they transfer to one of the hundreds of stolen credit card numbers they have, which they then go off and use to buy something very expensive (in person).

      As a side note, I know a network security company who got hit with one of these, end result? The FBI and the local (eastern european) police arrested and are trying the hackers in question.

      When you start trying to extort real money across international borders you are into real crime. The FBI does investigate these attacks, and I am sure they will get much better at it as time goes on.
  • ...the Financial Times reported that it had received a DDoS attack from all those /. readers accessing their site. The Financial Times has responded by offering $50,000 protection money to /. ....
  • by phorm ( 591458 ) on Wednesday November 12, 2003 @02:34PM (#7455849) Journal
    For $50,000 a year, sounds like a decent wage for anyone who's currently unemployed. Why not just hire a good whitehat instead of caving into blackhat demands?
  • by Our Man In Redmond ( 63094 ) on Wednesday November 12, 2003 @02:36PM (#7455870)
    Surely this is a violation of their IP in regards to extorting money using online means!
  • SOLUTION? (Score:4, Interesting)

    by exhilaration ( 587191 ) on Wednesday November 12, 2003 @02:36PM (#7455872)
    So how do you protect yourself from a DDOS attack? Are there any closed-source or open-source products that can do it? I've seen "network appliances" that claim to protect you, but I haven't read any reviews.
    • Re:SOLUTION? (Score:2, Interesting)

      by Anonymous Coward
      IANAE, but here's a suggestion:

      First, arrange with lots of DNS servers able to switch subdomain details in a snap.

      Second, set up N web servers: n(1), n(2) [..] on separate networks.

      If n(1) stops replying, n(2) notifies the DNS servers asking them to change the subdomain www.unddosble.com to n(2)'s IP address.

      If n(2) fails, n(3) takes over, and so on.

      Also, these servers should have pretty big pipes, so they can withstand an attack as long as possible.

      Anyone tried something like this?
    • Re:SOLUTION? (Score:2, Interesting)

      by jwhitener ( 198343 )
      I was under the assumption that products are available that allow you to block traffic from any IP that sends data over a pre-defined threshold. This block happens automatically when the data limit is reached.

      After the IP is marked as "blocked", the program can dynamically re-direct the traffic down a small pipe of its own.

      The problem is, when a new packet comes in, a program still has to run a check to see what IP its from, and make a decision whether to keep it or block it. That in itself takes work,
      • Re:SOLUTION? (Score:3, Informative)

        by merlin_jim ( 302773 )
        I was under the assumption that products are available that allow you to block traffic from any IP that sends data over a pre-defined threshold. This block happens automatically when the data limit is reached.

        But in a DDoS attack, the traffic is coming from thousands of IPs... even if each one individually trips that threshold, there's no reason a DDoS can't IP-spoof. As a matter of fact most of them do anyways, because it generates three times as many packets if the SYN/ACK handshake protocol fails...
    • Re:SOLUTION? (Score:3, Insightful)

      by merlin_jim ( 302773 )
      There are networks that are resistant to DDoS attacks... basically the network just blocks superfluous traffic.

      Unfortunately, there is no solution to DDoS attacks other than good security at the edges of the network. As long as anyone in the world can install Win98, not run Windows Update once, get cable internet service, and not be held accountable by their ISP for any bad things their computer may do that they didn't know about... DDoS will always be with us.

      A strategy to deal with DDoS must be part pol
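Two of the checks argued about in this thread, as an added example that is not from any poster: Zeinfeld's egress check at the home modem (no home machine needs to send thousands of SYNs per second to one address for hours) and the per-source threshold jwhitener describes, which merlin_jim notes spoofed sources defeat. The thresholds, the traffic and the IP addresses are all constructed for the demonstration and would be tuned per link in practice.

```python
"""Two SYN-rate checks from the discussion, run over constructed traffic.

Egress check (Zeinfeld): the subscriber's modem counts outbound SYNs per
destination and flags a destination hammered for several seconds in a row.
Ingress check (jwhitener / merlin_jim): the victim counts packets per source;
randomly spoofed sources never reach the per-source limit, so only the
aggregate rate reveals the flood.
"""
from collections import Counter, defaultdict

# Assumed thresholds for the demonstration, not vendor or ISP numbers.
EGRESS_SYN_PER_SEC = 50      # outbound SYNs to ONE destination per second
EGRESS_SUSTAIN_SEC = 5       # must be exceeded this many seconds in a row
INGRESS_PER_SOURCE = 100     # packets/sec from one source before blocking
INGRESS_AGGREGATE = 5000     # total packets/sec that alone signals a flood


def egress_syn_check(events, limit=EGRESS_SYN_PER_SEC, sustain=EGRESS_SUSTAIN_SEC):
    """events: (second, dst_ip) for each outbound SYN seen by the modem.
    Returns destinations that exceeded `limit` SYN/s for `sustain`
    consecutive seconds.  Source spoofing does not help the zombie here:
    the modem knows its own subscriber and sees the real destination."""
    per_sec = defaultdict(Counter)
    for sec, dst in events:
        per_sec[sec][dst] += 1
    if not per_sec:
        return set()
    streak, flagged = Counter(), set()
    for sec in range(min(per_sec), max(per_sec) + 1):
        counts = per_sec.get(sec, {})
        for dst in set(streak) | set(counts):
            # streak grows while the budget is exceeded, resets otherwise
            streak[dst] = streak[dst] + 1 if counts.get(dst, 0) > limit else 0
            if streak[dst] >= sustain:
                flagged.add(dst)
    return flagged


def ingress_checks(sources_this_second, per_source=INGRESS_PER_SOURCE,
                   aggregate=INGRESS_AGGREGATE):
    """sources_this_second: source IP of every packet the victim received in
    one second.  Returns (sources a per-source threshold would block,
    whether the aggregate rate alone trips an alarm)."""
    per_source_counts = Counter(sources_this_second)
    blocked = {ip for ip, n in per_source_counts.items() if n > per_source}
    return blocked, len(sources_this_second) > aggregate


# --- constructed traffic (RFC 5737 documentation ranges and 10/8) ----------
def browsing_syns():
    """A home user opening a few sites: three SYNs per second, all different."""
    return [(sec, f"198.51.100.{sec * 3 + i}") for sec in range(10) for i in range(3)]


def flood_syns(target="203.0.113.10", rate=3000, seconds=10):
    """A zombie sending `rate` SYN/s to a single target for `seconds`."""
    return [(sec, target) for sec in range(seconds) for _ in range(rate)]


def spoofed_flood(n=10000):
    """Ten thousand packets, each with a different forged source address."""
    return [f"10.{i // 256}.{i % 256}.1" for i in range(n)]


def unspoofed_flood(src="192.0.2.7", n=10000):
    """The same volume from one honest source: per-source blocking works."""
    return [src] * n


if __name__ == "__main__":
    print("egress, browsing:", egress_syn_check(browsing_syns()))   # set()
    print("egress, zombie:  ", egress_syn_check(flood_syns()))      # {'203.0.113.10'}
    print("ingress, spoofed:", ingress_checks(spoofed_flood()))     # (set(), True)
    print("ingress, one src:", ingress_checks(unspoofed_flood()))   # ({'192.0.2.7'}, True)
```

The egress check only sees SYNs; as the reply to Zeinfeld points out, a flood of complete HTTP GETs from enough machines would need a different budget.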
  • by Anonymous Coward
    Do they use paypal?
  • by EricWright ( 16803 ) on Wednesday November 12, 2003 @02:38PM (#7455908) Journal
    ... is patent DDoSs, then extort, er... I mean, charge licensing fees, to anyone invoking a DDoS against a site. I mean, isn't that what US patents are good for these days?
  • It exposes companies to blackmail? I wonder what they're finding? The corporate ethics grey area steps in to cloud the issue ...
  • by coupland ( 160334 ) * <dchaseNO@SPAMhotmail.com> on Wednesday November 12, 2003 @02:40PM (#7455928) Journal
    Fifteen years ago all the cool kids would make fun of me and call me a computer geek and never pick me for the baseball team and stuff. Now all the cool geeks are going off forming gangs and taking down servers and I'm still left out! I can't figure this world out...
    • You think the 'cool geeks' are the ones doing this? No, this is a small number of people who lack any morals and are not seen as cool to anyone, whereas the "cool kids" in school that made fun of people are now the ones bagging groceries. Let some time go and you'll see that these 'cool geeks' are no cooler than the bullies of elementary.
  • I doubt the gangs ask for cash to be left in a briefcase in the park. I assume they use PayPal, Wire Transfer, Money Order to a PO, etc.. Anytime electronic money moves it can be traced to the receiver. Just report them to their local police.
  • by mblase ( 200735 ) on Wednesday November 12, 2003 @02:40PM (#7455930)
    DDoS attacks require a *lot* of hacked computers. Usually Microsoft OSes with low security settings.

    It annoys me that MS's bad approach to security is now threatening businesses worldwide on two levels, first by exposing their own computers and then by exposing them to distributed attacks by the general populace. Even businesses that didn't have a single MS system in use are affected by one company's half-@$$ed security practices.

    Not trying to troll, just making a genuine point. If consumer computers were security-locked by default, DDoS attacks would be infinitely more difficult to pull off.
  • Hmm (Score:4, Interesting)

    by downix ( 84795 ) on Wednesday November 12, 2003 @02:44PM (#7455969) Homepage
    The primary targets appear to be gambling sites.

    Why is it whenever the mob is involved, their first target are gambling sites? Next thing it will be online porn and pharmaceuticals.
    • A: you want to hit a "dotcom" site-- one where the site actively generates money for the company, since that's where it hits them the hardest

      B: Gambling sites, as well as pr0n, makes money

      C: I imagine eBay/Amazon are too big to knuckle under these people, or have the bandwidth to deal with them
  • I for one, welcome our new packet-wielding Overlords....

    (and stuff).

    Seriously...

    When are eCommerce and all these other jagoffs going to get tired of Tha Intarw3b so that us geeks can have it back? O_o
  • by Str8Dog ( 240982 ) * on Wednesday November 12, 2003 @02:48PM (#7456030) Homepage Journal
    I am stupefied... someone has finally found the ????? in the business plan. Amazing...

    1. Buy computers
    2. Blackmail companies for $40k or DDoS them
    3. Profit!
  • So we know that the DDoSes happen, and that they are real pain. There is not much the law can do, especially if the source is in another country. In this case, I ask the question, what can companies do, technologically to deal with the problem? Also, how can you tell the difference between being Slashdotted (some metacrawlers have the same effect) and being DDoSed?
  • Karmic in a way... (Score:4, Interesting)

    by CaptTofu ( 4109 ) on Wednesday November 12, 2003 @03:01PM (#7456162) Homepage Journal
    For the outsourcing some companies have been doing. You let some Ukrainian company design software for integral parts of your organisation's business and later get screwed by some thugs blackmailing you, well, this is one of those cases where maybe you should have paid a little more to hire domestic programmers who come from a less thugocratic society.

    Saving a buck has its limits!
  • This is what hit Worldpay a few days ago where their system was just flooded with bogus orders. Not a traditional DDOS but still just as effective. more details [theregister.co.uk]

    Rus
  • And this is different from Microsoft's "embrace, extend, and necessitate upgrade" policy how, exactly?
  • For some time I've pondered the ways to stop DDoS.

    Couldn't you write a program that scans each incoming packet and keeps statistics. Won't DDoS packets come far more frequently from a given source?

    Is there a way to avoid spoofed packets by making sure you can reply to the source first? Shouldn't current protocols be designed to avoid spoofing? Or is it more fundamental (e.g. spoofing must be solved at a lower layer in the networking model)?

    Where are the machines these attacks originate from located? C

  • by cyberlotnet ( 182742 ) on Wednesday November 12, 2003 @03:06PM (#7456219) Homepage Journal
    It's not like Gang A can stop Gang B from DDoS attacking a network.. This is not the slums where they can have hired henchmen beat anyone else trying to inch into their area.

    You pay gang A to go away.. a month later gang B hits you.. You complain to gang A.. They tell you it's not them.. You pay gang B.. a month later gang C hits you.. WASH and Repeat till your company is broke
  • by InfraredEyes ( 207602 ) on Wednesday November 12, 2003 @03:10PM (#7456261)
    ...the targets need not be large companies with high-profile Websites. My small (5 person) company is just now recovering from a DDOS attack against the DNS server used by our ISP; as of yesterday evening, they were getting repeated hits from at least 15,000 zombies. Our email and our Website were completely inaccessible for about 24 hours, and many other DNS customers will have suffered similarly. Various changes in server IP address etc. seem to have fixed the problem for now. The advice from the DNS server people is to use at least two independent DNS services in future. It must hurt to have to tell customers, in effect, to do business with your competitors to ensure service.
  • by Ridgelift ( 228977 ) on Wednesday November 12, 2003 @03:30PM (#7456507)
    More than a dozen offshore gambling sites serving the US market were hit by the so-called Distributed Denial of Service attacks and extortion demands in September and the tactic is now spreading. Sites have been asked to pay up to $50,000 to ensure they are free from attacks for a year.

    Offshore gambling sites? Almost as if one gang who run the casinos are being hit by other gangs. I wonder who the Cyber-Godfathers are?
  • How to collect? (Score:4, Insightful)

    by gr8_phk ( 621180 ) on Wednesday November 12, 2003 @03:41PM (#7456697)
    How do these guys expect to collect the money without being caught? You need to show up in person to accept cash (or at least show up at a drop point) and large transfers can be tracked... Can't they? So how do they collect?
    • Re:How to collect? (Score:3, Interesting)

      by jonhuang ( 598538 )
      Or they set up a few fake auctions on ebay set up with stolen credit card numbers. The company uses "buy it now" (this launders the money) and the money is transferred electronically into a stolen or shady account.
