Slashdot Mirror


Businesses Pay $100,000 To DDoS Extortionists Who Never DDoS Anyone (arstechnica.com)

Dan Goodin, reporting for Ars Technica: In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service (DDoS) gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective.

An excerpt from CloudFlare blog post:

Given that the attackers can't tell who has paid the extortion fee and who has not, it is perhaps not surprising to learn that they appear to treat all victims the same: attacking none of them. To date, we've not seen a single attack launched against a threatened organization. This is in spite of nearly all of the threatened organizations we're aware of not paying the extortion fee. We've compared notes with fellow DDoS mitigation vendors and none of them have seen any attacks launched since March against organizations that have received Armada Collective threats.

2 of 52 comments

  1. I can't understand how companies can be so stupid by Sycraft-fu · Score: 4, Insightful

    What the hell can you possibly hope to gain by paying off DDoSers? If you do pay them, they have literally no incentive not to just keep extorting you, and then others can do the same. Ya, getting DDoS'd sucks, but the good news is any sizable DDoS costs them money too; they have to rent out a botnet, so they can't sustain it for very long.

    This is much different than paying "protection money" to a criminal organization in the physical world. While, yes, it is still extortion, at least there you have a benefit you get: They will legitimately protect you from other criminals. Organized crime is not interested in others muscling in on their business, so they do actually work to protect businesses that buy them off. It is a heavy-handed situation, as if you don't pay they will go after you themselves, but you can see why it would make some sense for a business to buy in. If the police are unwilling or unable to protect them, this can.

    With DDoS gangs on the Internet, there's nothing of the sort. They are just saying "Pay us and we won't bother you," but they can go back on that, or double dip. They can easily pretend to be someone else and demand you pay up, and others can also demand you pay up. I think the more you pay the more likely you are to have a reputation of an easy mark who can be extorted at will.

  2. sad by bigdavex · Score: 4, Funny

    It's a sad day when you can't trust extortionists to make good on their threats. Where's the pride in their craft? Where's the work ethic? Society is in decline.

    --
    -Dave