Cybercriminals Expand DDOS Extortion Demands
Free toolkits and outsourced cybercrime services make DDoS attacks popular with Anonymous, criminals, unscrupulous business competitors and anyone with a grudge.
Dear website owner: Pay up or we'll launch a distributed denial-of-service (DDoS) attack against your website.
So goes the extortion threat now being made against multiple websites, including Cryptome, which Wednesday published an "Opsecure DDOS Extortion" letter. Dated Tuesday, the letter said that unless funds were transferred to a designated Bitcoin address, the Cryptome website "will be undergoing a 'distributed denial of service' attack conducted by '1 & 0 Logic Security Group,'" starting Friday. In total, the criminals demanded 1 Bitcoin as payment, which as of Wednesday was equivalent to $102. Instead, Cryptome -- a digital archive that focuses on freedom of speech, cryptography, spying and surveillance -- published the letter, saying it was "honored" to have received it.
As detailed in a recent Economist report, DDoS attacks are increasingly used by criminals to extort businesses, with gangs demanding one or more payoffs if a business wants the disruption of its site to cease.
The growth in DDoS attacks, which remain illegal in many countries, including the United States, has been fueled in part by more advanced, and often free, DDoS attack toolkits. With enough malware-infected -- aka zombie -- PCs or servers at their disposal, attackers can overwhelm nearly any unprotected website, sometimes in spectacular fashion. Earlier this year, for example, a DDoS attack against Spamhaus broke records by spewing 300 gigabits per second of bogus data. Spamhaus ultimately mitigated the attack against it -- which used thousands of infected domain name system (DNS) servers -- with the help of DDoS attack mitigation service provider CloudFlare.... Read full story on InformationWeek
Post a comment to the original version of this story on InformationWeek