Wednesday 21 February 2007

Internet Mafia

(Internet Extortion continued)

In an earlier post I had made, I pointed out the burgeoning underground internet extortion (utilizing the dreaded Denial of Service, or DoS, attacks) that has become more and more prevalent, especially with the online sports betting industry. In this post, I’d like to detail the modus operandi of the online mob.

A typical internet extortion usually involves four stages. The first stage is the “stake-out”, a reconnaissance of the online sports betting websites. At this stage the hacking syndicate determines, for each website, its probable finances (revenues, expenses, profits and the like), peak seasons, vulnerabilities, the estimated duration of any downtime and its cost in lost revenues, and the cost of repairing the server system (that is, the going rate of the IT security advisory firms). This way the hacking syndicate knows which sites to attack, how to attack, when to attack and how high to price the “blood money” (usually a figure below the cost of repairing the system).

The second stage would involve giving the online sports betting firm a sample of what would happen if the “blood money” is not paid, a “drive-by” of sorts. This would involve a temporary and controlled attack on the system which can be followed by several other similar attacks, usually increasing in severity, as needed.

The third stage would be the “blackmail”, where an e-mail is sent to the owner/operator of an online sports betting firm, with threats of more attacks and the demand for blood money, as well as instructions on how to make the pay-off. The second and third stages could be repeated until the online sports betting firm makes a decision and sticks to it. This would then lead to the fourth stage.

The fourth stage could either be a “whacking”, a “tip-off” or a “pay-off”. In a whacking the online sports betting firm would refuse to pay and would try to fight off the attack, usually by employing the expertise of IT security firms. This often translates to considerable costs in downtime (thus lost revenues from bettors) and the fees of the IT experts brought in.

A tip-off would involve bringing in the law enforcement authorities. It may or may not involve bringing in IT experts to help defend against the attack, and may or may not involve a pay-off intended to entrap the extortionists. This will probably lead to retaliatory attacks and might alert and scare off bettors.

The third option, a pay-off, would usually be the best solution in terms of damage control and usually would mean that that particular hacking syndicate would not attack the paying firm for some time, though there is no guarantee of this.

-by Stanley Cabrera
