Slashdot Mirror

← Back to Stories (view on slashdot.org)

British Authorities Nail Online Blackmailers

Posted by timothy on from the whack-a-mole dept.

Iphtashu Fitz writes "CNet's News.com is reporting that 3 men have been arrested for allegedly blackmailing websites by threatening DDoS attacks if they didn't pay between $10,000 and $55,000. Britians National Hi-Tech Crime Unit (NHTCU) worked with the targeted websites to combat the DDoS attacks and to track their origin. With the help of Russian police they identified and arrested three Russians and expect more arrests in the near future."

27 of 153 comments (clear)

  1. In other news... by Anonymous Coward · · Score: 5, Funny

    ...Slashdot is rumoured to be investigating a new method of securing additional "revenue"...

    1. Re:In other news... by Metallic+Matty · · Score: 4, Funny

      Actually, that's not a bad idea..

      *ponders*

      Send 100 USD to this pay pal account or I'll submit a slashdot story which links to your personal website.

      hehe.

    2. Re:In other news... by l0ungeb0y · · Score: 2, Interesting

      Erm no, because though a slashdotting may cripple a site, 10 people will post mirrors, plus it's free publicity -- so why pay when you're basically threatening to advertise them for free and offer the value added service of recruiting 10 people to mirror the site for FREE? That's some threat. :)

      Maybe you haven't noticed the rise in advertisements masquerading as articles on /. these days? Well now you know why.

  2. (Sorry in advance) by daeley · · Score: 2, Funny

    In Soviet Russia, Services Distributedly Deny You.

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
  3. DDoS by Anonymous Coward · · Score: 5, Funny

    And now Slashdot will DDoS them.

  4. Allegedly threatening a DDoS attack? by Quickfry · · Score: 3, Funny

    That can get you arrested? What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?

    1. Re:Allegedly threatening a DDoS attack? by rking · · Score: 4, Informative

      What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?

      Arrests are invariably over allegations. In the UK, at least, we have a whole court system that determines whether the allegations were true and that only kicks in after arrest. In this case the charges were for blackmail. Blackmail is by its nature based on threats. If you're from the US then I think you call the crime "extortion" instead.

    2. Re:Allegedly threatening a DDoS attack? by Tired+and+Emotional · · Score: 2, Informative
      This is a plain and simple case of "demanding money with menaces" which is illegal most places.

      Now the case on jurisdiction will be interesting. Presumably the menaces were delivered over the Internet from Russia. So where was the crime committed? Are they subject to extradition?

      --
      Squirrel!
    3. Re:Allegedly threatening a DDoS attack? by Motherfucking+Shit · · Score: 2, Funny
      What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?
      Probably not, unless your alleged sister alleges that you watched her changing, or unless you allegedly post pictures of your sister changing online. But we can't know for sure until we see the alleged photos. Have you allegedly tried Gnutella, and if so, what are the alleged filenames?

      *The preceding post alleges that your sister is of legal age.
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  5. pay me $10k... by Anonymous Coward · · Score: 4, Funny

    ...and i will not submit news about your site on /.

  6. I say good job by Alcohol+Fueled · · Score: 4, Insightful

    This is good. It may only be three people, but that's three less people who are trying to take advantage of the Internet and the people who use it. And I say good job on the cooperation between British and Russian officials who got the three guys. :)

    --
    Ah am not a crook! (\(-__-)/)
    1. Re:I say good job by akaiONE · · Score: 3, Informative

      There were acording to El. Reg ten more of these crimminals who got arrested in Riga, Latvia last year. This investigation seem to have been going for a while and its good to see that scriptkiddies, mafia and mobsters are not allowed to try to extort victims this way.

      --

      "-Who said sit down?!"
      -- S. Ballmer @ MSDC 2003.

  7. Mmmmm by hdd · · Score: 2, Funny
    between $10,000 and $55,000

    So you can bargain with these guys?

    --
    This Sig is removed due to factual inaccuracy
  8. Revision 2.0 by aardvarko · · Score: 2, Funny

    Send us all your lunch money or we'll post a story about your site on SLASHDOT!! [insert creepy organ music here]

  9. The scope of this would surprise many of you. by mindstrm · · Score: 4, Interesting

    The scale and scope of these attacks, and the amounts of money paid to these people, how far that money went, how many countries it was wired through, and the amount of law enforcement and private sector work involved in getting even this far would shock many of you.

    Contrary to what some say, the US authorities *DO* care what's going on... they just can't prosecute directly unless it's affecitng US business.

    These people and similar operators have extored millions of dollars in the last 12 months alone.

    I'm sure many will come out and say "Oh well if you had just built your network properly...".. oh, if only it were that simple. These attacks have come in at over 4Gbps... and no matter how you slice it, that's a shitload of bandwidth.

    The slashdot effect is jack shit compared to what these guys have unleashed for WEEKS at a time on one site alone.

    1. Re:The scope of this would surprise many of you. by Anonymous Coward · · Score: 2, Informative

      Of course.. its all so simple !!! Every one else but you must be an idiot.

      These attacks come from all over - not just from one or two hundred easily identifiable sources - you do not understand the scale. Huge numbers of requests, from distributed locations, converge upon one location.

      So much bandwidth is generated, Tier 1 ISP's are forced to block the target IP address range.

  10. This is extortion not blackmail by TheNarrator · · Score: 4, Informative
    Knock! Knock! Langugage police is here

    Blackmail is defined as: 1. Extortion of money or something else of value from a person by the threat of exposing a criminal act or discreditable information.

    While Extortion is: 1. The act of extorting; the act or practice of wresting anything from a person by force, by threats, or by any undue exercise of power; undue exaction; overcharge.

    Now since these guys weren't threatening to reveal something about the company this is garden variety extortion and not blackmail.

    1. Re:This is extortion not blackmail by rking · · Score: 5, Informative
      Blackmail is a specific crime in the UK, defined by section 21 of the Theft Act 1968 :

      21 (1) A person is guilty of blackmail if, with a view to gain for himself or another or with intent to cause loss to another, he makes any unwarranted demand with menaces; and for this purpose a demand with menaces is unwarranted unless the person making it does so in the belief:
      (a) that he has reasonable grounds for making the demand; and
      (b) that the sue of the menaces is a proper means of reinforcing the demand

      (2) The nature of the act or omission is immaterial , and it is also immaterial whether the menaces relate to action to be taken by the person making the demand.

      (3) A person guilty of blakmail shall on conviction non indictment be liable to imprisonment for a term not exceeding fourteen years.


      These people are being accused of blackmail.
    2. Re:This is extortion not blackmail by stephanruby · · Score: 2, Interesting

      Then, when are the British authorities going after SCO?

  11. Britian by 1u3hr · · Score: 2, Informative

    "Britian" -- Jesus Timothy, you're paid to edit. Be professional. Use a spellchecker.

  12. 10,000 POUNDS, not DOLLARS by 1u3hr · · Score: 2, Informative
    Apparently neither the submitter nor editor RTFA:

    "the gang reportedly would demand a sum of between $18,000 and $55,000 (10,000 pounds and 30,000 pounds)."

  13. Re:Why DDos? by nacturation · · Score: 3, Interesting

    I'm just anxious to see a real DoS attack. Any idea where I can find some code to see how it actually works?

    I'm probably feeding a troll here, but what the hell. Why do you need to see code? It's little more than a massive surge in traffic which looks legitimate. Try this pseudocode on for size:

    while(1)
    - recursively get victim's entire website

    Now spread that across 100,000 zombie machines, each capable of pulling in an average of maybe 20KB/s. Suddenly the victim's dealing with 2GB/s of traffic or, more likely, not dealing with it as the traffic would thoroughly saturate not only the victim's website but also the entire hosting provider's network.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  14. Ouch... by nametaken · · Score: 2, Interesting


    As I understand it, Russia is a bad place to get busted for anything. I wonder what they do when the crime is in the 50k range.

    Anyone know anything about modern Russian legal?

  15. Re:what's next? by nacturation · · Score: 3, Informative

    Is this a new form of terrorism?

    This has been around since the dawn of man. "Do X or else I'll do Y." X can be a request for money, goods, services, actions... you name it; Y is generally always something which will harm the intended victim, whether financially, personally, or emotionally. Extortion is certainly nothing new and, while it's often terrifying for the victim, it isn't necessarily a terrorist activity.

    Heck, compare the following three extortion demands:

    Mild: "If you don't stop playing Doom 3 so much, I'm leaving you."
    Medium: "Give me a raise or I'll alert the media about the company's fudged finances."
    Intense: "Clear out of Iraq or we execute these hostages."

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  16. Re:Why DDos? by LiquidCoooled · · Score: 2, Interesting

    This is the thing that always gets me.

    Companies and webmasters cry DDOS when their website just simply cant handle the flood.

    Granted, some attacks are genuine, but all it takes to DDOS someone is a posting on one of the many websites (not just slash) that the original webadmin wasn't expecting.

    Its like hearing in the news about an ongoing DDOS attack on xyz's site, whats the first thing you do?

    I know I try and load the page.....

    --
    liqbase :: faster than paper
  17. Oh brother.... by mindstrm · · Score: 2, Interesting


    Because they do money laundering? There may be the odd bookie out there who took some dirty money, but by and large this is total nonsense.

    You might be surprised the lengths many internet gambling places go to to prevent being used to launder money. The LAST thing any gaming shop wants is the international authorities busting down their door and shutting them down. It's already a good profitable business if done right.. there is no need to accept the increased risk of laundering money for a small extra profit.

    Also, in the scenario you painted... unless a lot of people do it, or the numbers are huge (in which case it would be noticed right away), there is nothing in it for the bookie above and beyond his normal customers anyway.

    That said, there are several reasons this industry was more vulnerable, and was a good choice for them to attack.

    - gambling sites operate outside the US & Canada, where it is MUCH harder to get solid hosting and tons of bandwidth.

    - The US authorities are still on the fence as to whether someone legally operating an online gambling business in another country taking action from americans is breaking US law or not.

    - Because of not operating in the US, and not wanting extra US exposure, online gambling shops generally don't talk to the US authorities.

    - Online gambling shops, specifically bookies, make their money in bursts. Being down for a weekend during NFL is really expensive. 3 hours of downtime could cost you the entire week's profits on a Saturday.

    - Many shops are small, independant, and not large organisations who have to justify their decisions to a board. Given the amount of money to be lost, paying $20,000 in order to not lose $100,000 is a fairly easy decision to make. pay up then investigate how you can avoid having this happen again later.

    It's like if someone robbed you on the street.. and instead of just taking your moeny said "Okay, I can either take all your money, every day, or you can give me $100 right now, and keep the other $900 in your wallet AND I won't bug you again until next year". In the long run, you had better learn how to fight.. but in the immediate short term, it's a good deal.

    There is a reason protection rackets work, both on and offline.

  18. Re:what's next? by Poeir · · Score: 2, Funny

    I'm not sure why, but after reading this post I really wand some cheddar...

    --
    Sigs are like bumper stickers.