Slashdot Mirror
British Authorities Nail Online Blackmailers
Iphtashu Fitz writes "CNet's News.com is reporting that 3 men have been arrested for allegedly blackmailing websites by threatening DDoS attacks if they didn't pay between $10,000 and $55,000. Britians National Hi-Tech Crime Unit (NHTCU) worked with the targeted websites to combat the DDoS attacks and to track their origin. With the help of Russian police they identified and arrested three Russians and expect more arrests in the near future."
...Slashdot is rumoured to be investigating a new method of securing additional "revenue"...
In Soviet Russia, Services Distributedly Deny You.
I watched C-beams glitter in the dark near the Tannhauser gate.
And now Slashdot will DDoS them.
That can get you arrested? What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?
I believe there's need to be more law enforcement on this kind of attacks, there was a time when i didn't care at all about this... but when it happened to me (well my host service) a few days ago, and my boss telling me why there's no email service... the company page was down... a really mess, and most of the time, you just wait until things settle down.
...and i will not submit news about your site on /.
"It's a case of shaking the tree and seeing what happens," she said
Best way to shake a tree? Find a brit that's been proven to be a great shaker. Louise Woodward's not doing anything lately...
the blackmailers weren't located within the United States. They probably could have gotten away with it a lot longer, as US law enforcement authorities seem to have little or no interest in such criminals or activities.
This is good. It may only be three people, but that's three less people who are trying to take advantage of the Internet and the people who use it. And I say good job on the cooperation between British and Russian officials who got the three guys. :)
Ah am not a crook! (\(-__-)/)
It looks like the authorities didn't catch the bad guys, I mean, this story did get posted to SLASHDOT and all ;)
ItWasFree.com - Take the mystery
So you can bargain with these guys?
This Sig is removed due to factual inaccuracy
Send us all your lunch money or we'll post a story about your site on SLASHDOT!! [insert creepy organ music here]
The scale and scope of these attacks, and the amounts of money paid to these people, how far that money went, how many countries it was wired through, and the amount of law enforcement and private sector work involved in getting even this far would shock many of you.
Contrary to what some say, the US authorities *DO* care what's going on... they just can't prosecute directly unless it's affecitng US business.
These people and similar operators have extored millions of dollars in the last 12 months alone.
I'm sure many will come out and say "Oh well if you had just built your network properly...".. oh, if only it were that simple. These attacks have come in at over 4Gbps... and no matter how you slice it, that's a shitload of bandwidth.
The slashdot effect is jack shit compared to what these guys have unleashed for WEEKS at a time on one site alone.
Post the link here on slashdot and we'll DoS them - distributedly. Heck, they won't even arrest us :-)
We don't DoS site, we SlashDoS them
Before i always thought DDoS attacks were initiated by frustrated scriptkiddies who had some form of dispute (probably glined off an irc server) with the victims. This is the first time people try to take money in the process. Is this a new form of terrorism? If so, will others (virii/worm coders etc.) pick up the trend?
Would have been better if google was one of the websites contacted...
Blackmail is defined as: 1. Extortion of money or something else of value from a person by the threat of exposing a criminal act or discreditable information.
While Extortion is: 1. The act of extorting; the act or practice of wresting anything from a person by force, by threats, or by any undue exercise of power; undue exaction; overcharge.
Now since these guys weren't threatening to reveal something about the company this is garden variety extortion and not blackmail.
"Britian" -- Jesus Timothy, you're paid to edit. Be professional. Use a spellchecker.
Crime != Terrorism
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
"the gang reportedly would demand a sum of between $18,000 and $55,000 (10,000 pounds and 30,000 pounds)."
"CNet's News.com is reporting that 3 men have been arrested for allegedly blackmailing websites by threatening DDoS attacks if they didn't pay between $10,000 and $55,000"
They are asking for way too much money. If they had set realistic goals for themselves, they would not have ended up in a position like they are in today. Frankly, asking for the ammount of cash that they did seems very juvinile. Just my $.02
In nature, there are neither rewards or punishments, there are only consequences.
I'll not interrupt this online discussion, for a pound.
As I understand it, Russia is a bad place to get busted for anything. I wonder what they do when the crime is in the 50k range.
Anyone know anything about modern Russian legal?
It says 10k pounds, not dollars.
Why in hell would a National high-tech crime unit have a flash website? Worse than that, a single-page, 100% width scaling flash website.
They clearly don't have geeks running the show there, which I'd have throught was the first prerequisite for an effective high-tech crime unit. Looks like Yet Another Paper-Thin Government Initiative to me.
foo mane padme hum
I know I'm going to get tagged for this, but I got to give the right info...
h tml
Miles, aka sellfone, died at his home in Texas Sunday night. He was 24 I believe, not 17, as you can tell by clicking on this link http://www.slashnet.org/forums/Freedows-19980708.
Couldn't have been 9 years old in that log.
He is an icon on Efnet, and the network admins have juped his name in honor of him.
Rate this post as you will, but I just wanted to be sure a proper memorial was made. The BitchX crew has more information for the many who knew him.
--nova
--
good. It is payback time.
Chris ,
Php Programmers.
SWI went against the bastards who create scumware and spyware (in this case a pay-per-click search engine's Russian "affiliates") and got DDoSed for a month because they were inhibiting the profit of a criminal organization. Over $5,000 of damage was done (ask Mike Healan), and that's enough to qualify. Where's the action against the rats who perpetrated that?
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
British Authorities Nail Online Blackmailers
Can I bring the hammer? Please?
link to forum contains stinger
novalogic, still have your rags from 1997?
Sure, obviously there are some serious criminals involved in these things occasionally, but the fact remains that this kind of thing is overwhelmingly the preserve of the luser skript-kiddie, and always will be!
The mass media has been trying very hard to sell the EVIL COMPUTER-GENIUS HACKER shit to us ever since the Internet first came to the general public's attention. Bullshit like that will always sell more papers, or get more people to tune in.
If I hear one more clueless fucking cab driver tell me that we're all going to be hacked by Evil Computer-Genius Hackers(tm), I'll fucking scream.
What would stop hosting firms that charge customers .5 pence for every MB over the standard permitted monthy bandwidth from doing this to their own customers websites?
What I think is interesting is the fact that these (alleged) extortionists have been targeting online gambling businesses. Why these businesses particularly?
I'm going to put forward a theory based on some completely unsubstantiated rumours I have heard. A mate of a mate of some bloke in the pub tells me that a lot of online gambling sites do at least a sideline in money laundering. That is, two people log onto the site, one 'loses' a large amount of money, the other 'wins' a similar amount of money at the same time.
It might be that they were picking on businesses they thought wouldn't be too keen to talk to police.
Never trust a man in a blue trench coat, Never drive a car when you're dead
...A slashdot link to a site whos front page is a flash interface that links you to a 1700kb PDF file?? Recipe for disaster.
Now, if you'll excuse me, I have backups to corrupt.
It's extortion, not blackmail, numbnuts.
Yes, of COURSE there is such an infrastructure that can do the required analysis and block the traffic. Most ISPs do not have it at this point in time.
Also, your ISP is not necessairly obligated to deal with this; it may be far cheaper for them, given the resources they would need to throw at this to keep their customer up, to simply drop the problem customer, which is what many did.
Your ISP isn't necessairly going to add tens or hundreds of thousands of dollars in equipment and manpower and sacrifice half of their bandwidth just to keep your little site up unless you are paying them a small fortune.
Because they do money laundering? There may be the odd bookie out there who took some dirty money, but by and large this is total nonsense.
You might be surprised the lengths many internet gambling places go to to prevent being used to launder money. The LAST thing any gaming shop wants is the international authorities busting down their door and shutting them down. It's already a good profitable business if done right.. there is no need to accept the increased risk of laundering money for a small extra profit.
Also, in the scenario you painted... unless a lot of people do it, or the numbers are huge (in which case it would be noticed right away), there is nothing in it for the bookie above and beyond his normal customers anyway.
That said, there are several reasons this industry was more vulnerable, and was a good choice for them to attack.
- gambling sites operate outside the US & Canada, where it is MUCH harder to get solid hosting and tons of bandwidth.
- The US authorities are still on the fence as to whether someone legally operating an online gambling business in another country taking action from americans is breaking US law or not.
- Because of not operating in the US, and not wanting extra US exposure, online gambling shops generally don't talk to the US authorities.
- Online gambling shops, specifically bookies, make their money in bursts. Being down for a weekend during NFL is really expensive. 3 hours of downtime could cost you the entire week's profits on a Saturday.
- Many shops are small, independant, and not large organisations who have to justify their decisions to a board. Given the amount of money to be lost, paying $20,000 in order to not lose $100,000 is a fairly easy decision to make. pay up then investigate how you can avoid having this happen again later.
It's like if someone robbed you on the street.. and instead of just taking your moeny said "Okay, I can either take all your money, every day, or you can give me $100 right now, and keep the other $900 in your wallet AND I won't bug you again until next year". In the long run, you had better learn how to fight.. but in the immediate short term, it's a good deal.
There is a reason protection rackets work, both on and offline.
so, who "owns" the zombies now? Or are they just sitting there infected and someone else might find them and take them over? Is government sitting on them for some reason? Have all the 30,000 innocent victims from that direction been notified and gotten their machines cleaned up? Is anyone working on that probably tedious and daunting task?
Ya, I know, a lot of questions, still, they are obvious to be asked at this point.
im assuming that they were asking for pounds or european currency not US Dollars? i know we like to think we're the center of the universe...but...?
i always wondered why no one ever used DDoS on those middle east "news" sites that are just propaganda. do the world a favor.
Will I get arrested for being a pervert?
Jokes aside, if you try to make your sister pay you or do something unwanted by threatening to watch her change, then you won't be arrested for being a pervert (since you haven't done the watching yet), but you will be charged with blackmail. Same goes if you make someone else (e.g. your parents, her boyfriend) pay or do something unwanted by threatening to watch your sister change. It's blackmail, or extortion depending on the coutnry.
-hadohk
Mass-mailing viruses create an interesting ddos affect, as well. Several worms were released at the beginning of last school year that severely affected our university. A few infected students plugged their computers into the LAN and the worms spread in a matter of hours to a quite a few more naive users. The worms quickly flooded our 9 Mb/s outside pipe with SMTP packets and even managed at their peak to almost completely choke the 100 Mb/s LAN. This was on a network with 1500 users, with possibly 10-20% infected. Some demographics have a unique talent for getting infected.
Britain's is what you want :(