DDoS being used in extortion schemes

So not cool! This has been well known in most circles for some time, but I think that all of the Lockergnome readers need to be aware of distributed denial-of-service (DDoS) attacks being used as a method for extortion. Read on…

Criminals are increasingly targeting corporations with distributed denial-of-service (DDoS) attacks designed not to disrupt business networks but to be used as tools to extort thousands of dollars from the companies.

Those targeted are increasingly deciding to pay the extortionists rather than accept the consequences, experts say. While reports of this type of crime have circulated for several years, most victimized companies remain reluctant to acknowledge the attacks or enlist the help of law enforcement, resulting in limited awareness of the problem and few prosecutions.

Extortion is “becoming more commonplace,” said Ed Amoroso, chief information security officer at AT&T. “It’s happening enough that it doesn’t even raise an eyebrow anymore.”

“In the past eight months we have seen an uptick with the most organized groups of attackers trying to extort money from users,” said Rob Rigby, director of managed security services at MCI (Profile, Products, Articles). “We try to do our best to get [customers] through it, but we leave it up to them to bring such attacks to the attention of law enforcement.”

While MCI has been asked to help with prosecutions in other cybercrime cases, Rigby says he does not recall a service provider being subpoenaed in a DDoS extortion case. [Read the rest]