Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Hackers, Extortion Threats Shut Down Game Site

    Written by

    Ryan Naraine
    Published December 16, 2005
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      White Wolf Publishing Inc., a company responsible for some of the most popular role-playing game brands, has shut down operations after international hackers exploited a software flaw and stole user data that included user names, e-mail addresses and encrypted passwords.

      Following the breach, the company, based in Stone Mountain, Ga., said the hackers attempted to extort money by threatening to post the potentially sensitive user data on the Internet.

      “We have no intention of paying this money, and are in contact with the FBI in an attempt to bring these criminals to justice,” White Wolf said in a notice posted online.

      “As far as we can ascertain, they were unable to access any credit card data (nor have they claimed they did). However, it is possible for the encrypted passwords they accessed to be decrypted given enough time,” the company said.

      /zimages/2/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      White Wolf recommended that users and fans that may have used the same user name and password for other Internet services change those passwords immediately.

      Although Web site breaches and data theft are commonplace, security researchers say the brazen extortion attempt against White Wolf confirms earlier fears that attacks against small businesses sites are being done by well-organized international crime groups.

      /zimages/2/28571.gifRead more here about todays hackers, who focus on cracking code for profit.

      “This started early in 2004 when the botnet owners used mostly denial-of-service attacks to extort money from banks and ISPs. We used to think of those as experimental attacks, but its become much more brazen and organized today,” said John Pescatore, research director for Internet Security at Gartner Inc.

      “From the experimenting stage, it moved to vandalism, and we had all these defacement attacks. After that, it became politically motivated and we kind of expected the next phase to be cyber-crime. Thats the stage were in today with these kinds of extortion attacks,” Pescatore said in an interview.

      He said the White Wolf breach was a classic example of hackers targeting small businesses in extortion schemes.

      “They are picking on the smaller businesses that are less likely to defend themselves. Once the banks started paying for distributed denial-of-service protection, the small businesses became a prime target,” he said.

      Pescatore said pornography and online gambling sites are perennial targets for denial-of-service extortion schemes and pointed out that companies like Prolexic Technologies Inc. have found a lucrative niche in providing DDoS mitigation services.

      /zimages/2/28571.gifA group of high-profile security researchers goes hunting for botnets. Click here to read more.

      Andrew Jaquith, senior analyst with Yankee Group Research Inc., said the White Wolf situation is “the equivalent of guys with ski masks running around breaking knees.”

      “We havent seen evidence that this is a widespread phenomenon, but theres enough chatter in the security underground that the risk of this happening to any small business is very real,” Jaquith said.

      He said smaller companies that cannot afford to budget for DDoS mitigation technology should consider perimeter defense from a managed services provider.

      “Its hard to defend against something thats already stolen. Once the data is gone, like in White Wolfs case, youre basically at the mercy of the attacker.”

      “If theres one thing the last 18 months have shown us with botnets and pervasive malware is that hackers will take advantage of whatever angle they think theyll get. If this is what works, well see more of it,” Jaquith added.

      Gartners Pescatore said companies that collect sensitive data from customers have a responsibility to find and patch software flaws that are exploited by hackers.

      Officials from White Wolf did not respond to requests for comment. On message boards dedicated to role playing games, fans of the site said the breach likely occurred via flaws in the PHPBB software used by White Wolf.

      The PHPBB Web forum software has been the target of attacks by an Internet worm known as Net-Worm.Perl.Santy.A or Santy. The worm uses Google search to randomly find sites running PHPBB and overwrites several different files to deface the forums.

      “Most of these data breaches occur because companies leave gaping holes unpatched,” Pescatore said. “These businesses need to start using vulnerability management and intrusion-detection software, preferably from a managed services provider. They should also be encrypting stored data to provide added protection [for users].”

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine
      Ryan Naraine

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×