Online extortion: Internet crime on the rise
Date: October 31, 2004
Source: The Indian Express
LOS ANGELES, OCTOBER 29: When Mickey Richardson got an e-mail from gangsters threatening to bring his online sports betting operation to its knees, he paid up.
Before long, though, the thugs wanted $40,000. And that ticked him off.
Richardson couldn’t figure the odds, but he was determined to fight what’s fast becoming the scourge of internet-based businesses.
Rather than brass knuckles and baseball bats, the weapons of choice for these digital extortionists are thousands of computers. They use them to launch coordinated attacks that knock targeted websites off-line for .
Richardson was intent on keeping his ship afloat. BetCRIS, short for Bet Costa Rica International Sportsbook, takes about $2 billion in bets every year from gamblers around the world. Most are placed online.
After customers complained early last year that the website seemed sluggish, Richardson felt a little relieved when an anonymous hacker e-mailed an admission that he had launched a denial-of-service attack against BetCRIS. The hacker wanted $500, via the internet payment service e-Gold. That seemed like a bargain to Richardson.
He paid up and promptly spent thousands more on hardware designed to weed out unfriendly web traffic. “I was thinking if this ever happens again,” he said, “we won’t have a problem.”
The Saturday before Thanksgiving, Richardson found out how wrong he was. An e-mail demanded $40,000 by the following noon. It was the start of one of the biggest betting weeks of the year, with pro and college football as well as basketball. Richardson didn’t respond. The next day, BetCRIS crashed hard.
The extortion gangs use PCs compromised with a series of worms and viruses. These spread most easily to machines without firewalls and automated patching from security companies. The infections force computers to listen for further instructions from a new program or direct them to check with master machines. The resulting armies of computer “bots” are used for sending spam, stealing financial information and launching denial-of-service attacks.
Meanwhile, Barrett Lyon, a philosophy major from Sacramento, California, and partner Glenn Lebumfacil designed a new infrastructure for BetCRIS, one that relied on massive computing power far away from Costa Rica.
But Lyon was already thinking about offense. So he turned spy. Although the individual machines used in the attacks were scattered around the world, Lyon used some common software flaws to track them further. They were all taking orders from computer servers hosting a form of anonymous online chat called IRC, for Internet Relay Chat. Lyon joined the IRC channels.
During hours of online talks from January to March of this year, Lyon offered to improve the others’ attack program and lend his own zombie computers to their efforts.
One, nicknamed eXe, began making mistakes. He logged on from his home internet service provider. And as late-night conversations turned social, he let slip his real first name, Ivan, and that he was a 21-year-old college student in Russia.
In late July, police picked him up, along with a 23-year-old St. Petersburg man and a 24-year-old in Stavropol.