Extortion Pattern

By Wayne Rash  |  Posted 2004-09-29

Although Mandell doesn't know a lot about the investigation, he does know a few things. First, he said, the extortion attempts against Authorize.Net are part of a larger extortion pattern that has already hit other financial sites. He said the attacks appear to originate outside the United States, and they appear to be a protection scheme run by organized crime. He noted that some extortion attempts against other companies may go deeper. "Those seemed to be raising money for a reason," he said.
While his company seems to have gained the upper hand in today's cyber-crime battles, Mandell said he expects such incidents to continue. He's not alone. Peter Tippett, chief technology officer at TruSecure, soon to become Cybertrust, said extortion rackets are up 20-fold this year. "Bot nets are the first to use new exploits," he said, and in many cases they take the lead on developing attacks on those exploits.
Tippett said the problem with bot nets and the DDoS attacks they produce is made worse by the vulnerability of so many commercial sites. He said all but the largest e-commerce sites seem to be waiting to move ahead with products that can prevent or at least mitigate such attacks, opting to hold back until one is already under way.
"They follow the money," said David Kennedy, a senior risk analyst at TruSecure. He said the trend started with some gaming sites in the United Kingdom, where the bad guys were emboldened by the success they had there in collecting ransom money. He said he wasn't surprised to see the attacks move to the financial services industry in the United States. Kennedy said much of the activity and control over the bot nets are centered in eastern Europe, although it would be an oversimplification to say all of the attackers are based there. But he noted that some of the worst activity is ultimately based in the United States. In one case he knows of, Kennedy said one firm hired bot net controllers to attack rivals.
Unfortunately, there is no easy solution to stopping the extortions or the attacks that go with them. But Mandell suggested a few steps that he called vital, the most important of which is calling the FBI. He said the second most important step is for affected businesses to help each other deal with the attacks so they won't succeed. "We need to present a united front," he said. Companies also should make sure that they have enough bandwidth so they can't be saturated by a DDoS attack, no matter how big, Mandell said. He warned that it's necessary to take such preventive steps, since when attacks do come, they could effectively put an unprepared company out of business.
Tippett suggested that companies that depend on e-commerce should have more than one pathway to the Internet, and there should be separate local loops to those pathways. Tippett and Mandell both noted that while there is no single solution that works against all attacks, it's important to start using solutions that do work, even if they're not perfect. Tippett noted that by using two or three different technologies, a company can protect itself against nearly any attack of this sort. But still, the attacks continue.
Mandell said a new attack began against Authorize.Net Wednesday. "This one is different," he said, adding that since there has been no extortion letter with this latest round, it could have some other reason. He said he thinks all of the attention being paid to the first set of attacks against his company may have encouraged someone else. He noted that the FBI is on the latest case as well.
And meanwhile, two more companies, this time providers of credit card merchant accounts, are under attack. These companies, identified by Kennedy as Authorize-IT in Ohio and 2Checkout in Kentucky, may also have been the recipients of extortion attempts. No word from the FBI as to whether they're on the case there.

Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.
