Security The Almighty Buck

British Authorities Nail Online Blackmailers 153

Iphtashu Fitz writes "CNet's News.com is reporting that 3 men have been arrested for allegedly blackmailing websites by threatening DDoS attacks if they didn't pay between $10,000 and $55,000. Britians National Hi-Tech Crime Unit (NHTCU) worked with the targeted websites to combat the DDoS attacks and to track their origin. With the help of Russian police they identified and arrested three Russians and expect more arrests in the near future."
  • by Anonymous Coward on Thursday July 22, 2004 @01:30AM (#9767470)
    ...Slashdot is rumoured to be investigating a new method of securing additional "revenue"...
  • In Soviet Russia, Services Distributedly Deny You.
  • DDoS (Score:5, Funny)

    by Anonymous Coward on Thursday July 22, 2004 @01:31AM (#9767479)
    And now Slashdot will DDoS them.
  • That can get you arrested? What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?
    • by rking ( 32070 ) on Thursday July 22, 2004 @01:43AM (#9767529)
      What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?

      Arrests are invariably over allegations. In the UK, at least, we have a whole court system that determines whether the allegations were true and that only kicks in after arrest. In this case the charges were for blackmail. Blackmail is by its nature based on threats. If you're from the US then I think you call the crime "extortion" instead.
    • In some states in the USA

      Threatening to commit a crime to extort payment is a crime.

      Threatening to hurt someone is a crime.

      Planning to commit a crime is considered a crime in some cases.

    • This is a plain and simple case of "demanding money with menaces" which is illegal most places.

      Now the case on jurisdiction will be interesting. Presumably the menaces were delivered over the Internet from Russia. So where was the crime committed? Are they subject to extradition?

    • Because of the whole "innocent until proven guilty (unless a suspected terrorist)" thing, news sources don't say someone has committed a crime in the UK, until they have been found guilty. By adding 'allegedly' the news source can't be sued by the person if they are later found innocent.

      In this case the crime is blackmail/extortion, and it is alleged until/if they are found guilty.

      It's a running joke on the popular UK satirical news quiz Have I Got News For You they will say very rude and outrageous (althou

      • Because of the whole "innocent until proven guilty (unless a suspected terrorist)" thing, news sources don't say someone has committed a crime in the UK, until they have been found guilty. By adding 'allegedly' the news source can't be sued by the person if they are later found innocent.

        Also, the UK courts generally take the view that the right of the accused to a fair trial outweighs the freedom of the press (until the trial is over).

        News media are always careful not to say anything that might prejudice a t
    • What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?
      Probably not, unless your alleged sister alleges that you watched her changing, or unless you allegedly post pictures of your sister changing online. But we can't know for sure until we see the alleged photos. Have you allegedly tried Gnutella, and if so, what are the alleged filenames?

      *The preceding post alleges that your sister is of legal age.
    • That can get you arrested? What if I 'allegedly threaten' to watch my sister change? Will I get arrested for being a pervert?

      Dude, there's no room in the closet for you too. Go find your own girl to spy on.

  • I believe there needs to be more law enforcement on this kind of attacks, there was a time when I didn't care at all about this... but when it happened to me (well my host service [hostsave.com]) a few days ago, and my boss telling me why there's no email service... the company page was down... a real mess, and most of the time, you just wait until things settle down.
  • by Anonymous Coward on Thursday July 22, 2004 @01:37AM (#9767499)
    ...and I will not submit news about your site on /.
  • "It's a case of shaking the tree and seeing what happens," she said
    Best way to shake a tree? Find a brit that's been proven to be a great shaker [channel4.com]. Louise Woodward's not doing anything lately...
  • the blackmailers weren't located within the United States. They probably could have gotten away with it a lot longer, as US law enforcement authorities seem to have little or no interest in such criminals or activities.
    • Not true. I've personally witnessed subpoenas from the FBI relating to a customer's activity at an ISP I worked for. I had to give data relating to the incident and narrowly escaped having to appear in court as a witness.
      • I'd bet the activity was something un-pc like kiddie porn. They don't give a damn about fraud, spam or computer tampering, but if there's some naked people or bongs involved, they're quite attentive.
  • I say good job (Score:4, Insightful)

    by Alcohol Fueled ( 603402 ) on Thursday July 22, 2004 @01:42AM (#9767525) Homepage
    This is good. It may only be three people, but that's three less people who are trying to take advantage of the Internet and the people who use it. And I say good job on the cooperation between British and Russian officials who got the three guys. :)

    • Re:I say good job (Score:3, Informative)

      by akaiONE ( 467100 )
      There were, according to El. Reg [theregister.co.uk], ten more of these criminals who got arrested in Riga, Latvia last year. This investigation seems to have been going for a while and it's good to see that scriptkiddies, mafia and mobsters are not allowed to try to extort victims this way.
  • It looks like the authorities didn't catch the bad guys, I mean, this story did get posted to SLASHDOT and all ;)
  • Mmmmm (Score:2, Funny)

    by hdd ( 772289 )
    between $10,000 and $55,000

    So you can bargain with these guys?

    • Well, yeah, they are just plain-old blackmailers, you can always negotiate with them. It's not like they are Mac zealots or C++ Object Methodologists or anything.
    • So you can bargain with these guys?

      Yes, if you pay early they'll also throw in a set of steak knives....
  • Send us all your lunch money or we'll post a story about your site on SLASHDOT!! [insert creepy organ music here]
  • by mindstrm ( 20013 ) on Thursday July 22, 2004 @01:58AM (#9767588)
    The scale and scope of these attacks, and the amounts of money paid to these people, how far that money went, how many countries it was wired through, and the amount of law enforcement and private sector work involved in getting even this far would shock many of you.

    Contrary to what some say, the US authorities *DO* care what's going on... they just can't prosecute directly unless it's affecting US business.

    These people and similar operators have extorted millions of dollars in the last 12 months alone.

    I'm sure many will come out and say "Oh well if you had just built your network properly...".. oh, if only it were that simple. These attacks have come in at over 4Gbps... and no matter how you slice it, that's a shitload of bandwidth.

    The slashdot effect is jack shit compared to what these guys have unleashed for WEEKS at a time on one site alone.

    • by Anonymous Coward
      they just can't prosecute directly unless it's affecting US business.

      Correction: they can't prosecute unless the attackers are located in the US or a country that has an extradition treaty with the US. Even if the attackers are fucking up US businesses with their DDoS attacks, the US can't do anything aside from attempt to stop the attacks up to a point. The only time they can do something is if there is a lot at stake as a result of the attacks.

      Also, having the Russians actually cooperate on an investig
      • Also, having the Russians actually cooperate on an investigation like this is very rare. There must have been some pressure put somewhere to get their cooperation.

        When you ask instead of demand you get cooperation. UK police have a good record of getting cooperation from others, usually because they give it themselves.

      • Okay, I don't mean just prosecution, but any sort of investigative help at all. Many of the attacking zombies were in the US, and tons of the traffic moved through the US.

        The US Govt. was actually quite helpful during related attacks earlier this year, even though they would most likely not end up prosecuting anyone.
    • Despite the sheer scale of the assault (over 4Gbps), the problem is still avoidable with the right infrastructure. The ISP is certainly carrying the bandwidth, and it should be their job to monitor connections. If an ISP spots 4Gbps entering a site from less than 50 addresses, they should ring up and ask "You guys OK?". Upon hearing demented screams of terror on the line, they should block the 50 IP addresses.

      Admittedly most ISP couldn't be bothered to check, but with the right hardware a victim could ana
      • by Anonymous Coward
        Of course.. it's all so simple !!! Every one else but you must be an idiot.

        These attacks come from all over - not just from one or two hundred easily identifiable sources - you do not understand the scale. Huge numbers of requests, from distributed locations, converge upon one location.

        So much bandwidth is generated, Tier 1 ISPs are forced to block the target IP address range.
      • If it were 200 IPs, or even 2000, this would not have been a problem.

        So tell me, smarteyman, as my ISP, how do you plan to block 4Gbps of legitimate-looking web requests coming from 30,000 hosts in nearly an equal number of unrelated subnets, distributed globally?

        • Yes, of COURSE there is such an infrastructure that can do the required analysis and block the traffic. Most ISPs do not have it at this point in time.

          Also, your ISP is not necessarily obligated to deal with this; it may be far cheaper for them, given the resources they would need to throw at this to keep their customer up, to simply drop the problem customer, which is what many did.
          Your ISP isn't necessarily going to add tens or hundreds of thousands of dollars in equipment and manpower and sacrifice half
        • So tell me, smarteyman, as my ISP, how do you plan to block 4Gbps of legitimate-looking web requests coming from 30,000 hosts in nearly an equal number of unrelated subnets, distributed globally?


          If a site's incoming traffic suddenly exceeds a certain level, drop 9 of every ten requests to that server, going up to 99 of every hundred if the problem gets worse.

          In case one, legit people still have a 10% chance of contact, while the hard to set up and rare 30,000 zombie attack is blunted. The site is hindere
          • Although I will admit allowing 10% of my customers through instead of none is a start, it's nowhere near a satisfactory solution, and my customers are still going to leave in droves.

            That's not solving the problem, nor does it require much infrastructure.

            The actual solution involves tons of caching and load balancing, as well as very aggressive filtering (to-date, you can generally detect some aspect of the zombie behavior that differs from a legitimate user's request.. and thereby block it out).

            Also, the
          • Also.. ever tried to work with an interactive website when only one out of ten requests gets through?

            Oh, you are going to cache those 10% of addresses and let all their traffic through? The attackers will quickly fill that up.
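The trade-off argued in the replies above, as an added example that is not part of the original thread: a small simulation of the "drop 9 of every ten requests" rule and of the admitted-address cache variant. The 10% admit rate and the 30,000 hosts come from the comments; the number of legitimate users, the cache size and all function names are assumptions made for illustration.

```python
import random

ADMIT_RATE = 0.10      # "drop 9 of every ten requests" (from the thread)
ZOMBIES = 30_000       # attacking hosts (figure quoted in the thread)
LEGIT_USERS = 300      # assumption: legitimate visitors in the same window
CACHE_SLOTS = 1_000    # assumption: size of the admitted-address cache


def session_success_probability(admit_rate, requests_per_session):
    """Chance that every request of one multi-request session gets through."""
    return admit_rate ** requests_per_session


def attack_share_after_shedding(legit_reqs, attack_reqs, admit_rate, rng):
    """Admit each request with the same probability, whoever sent it.

    Returns the fraction of admitted requests that are attack traffic."""
    legit_in = sum(rng.random() < admit_rate for _ in range(legit_reqs))
    attack_in = sum(rng.random() < admit_rate for _ in range(attack_reqs))
    admitted = legit_in + attack_in
    return attack_in / admitted if admitted else 0.0


def zombie_share_of_cache(legit, zombies, admit_rate, slots, rng):
    """Cache every source whose request is admitted and pass its later traffic.

    Each uncached source sends one request per round, in random order, until
    the cache is full. Returns the fraction of slots held by zombies."""
    sources = [("legit", i) for i in range(legit)]
    sources += [("zombie", i) for i in range(zombies)]
    cached = set()
    while len(cached) < min(slots, len(sources)):
        rng.shuffle(sources)
        for src in sources:
            if len(cached) >= slots:
                break
            if src not in cached and rng.random() < admit_rate:
                cached.add(src)
    return sum(kind == "zombie" for kind, _ in cached) / len(cached)


def run(seed=1):
    rng = random.Random(seed)
    return {
        # A page needing 5 requests loads fully with probability 0.1 ** 5.
        "five_request_session": session_success_probability(ADMIT_RATE, 5),
        # Uniform shedding cuts volume but leaves the attack/legit mix as is.
        "attack_share": attack_share_after_shedding(
            LEGIT_USERS * 10, ZOMBIES * 10, ADMIT_RATE, rng),
        # The cache fills in proportion to who is knocking: mostly zombies.
        "zombie_cache_share": zombie_share_of_cache(
            LEGIT_USERS, ZOMBIES, ADMIT_RATE, CACHE_SLOTS, rng),
    }


if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value:.5f}")
```

Uniform shedding lowers load on the server but cannot change the ratio of attack to legitimate requests, which is why the thread moves on to filtering on behaviour that distinguishes zombies from real users.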

  • Post the link here on slashdot and we'll DoS them - distributedly. Heck, they won't even arrest us :-) We don't DoS site, we SlashDoS them
    • Re:Why DDos? (Score:1, Insightful)

      by Anonymous Coward
      Having been involved in this first-hand, I can assure you that the slashdot effect, as mighty and powerful as it is, pales in comparison to the kind of resources these assholes were bringing to bear on their victims.

      Think 30,000 zombie machines distributed globally slamming 4 gigabits/second at your puny gigabit connected website.

      • Is Microsoft subject to any liability for this? After all, it's their shoddy operating system that enabled the attacks to take place.
        • Is Ford liable when somebody smashes the windows on an Explorer, climbs in, hotwires the car, and runs somebody down? After all, their windows were obviously not up to the task of keeping somebody out....

          NO. Of course not. The fault lies, as always, with the person ACTUALLY COMMITTING THE CRIME.

          Why is 'personal responsibility' such a difficult concept?

          • It's more like building a car that catches fire every 5,000 miles, with wheels that fall off, and locks that a child could circumvent. I've moved from the IT field into manufacturing, and it's shocking the kind of shoddy product that computer companies produce. If we produced a product like that, not only would we be out of business, but our company would be sued and our board of directors would be in prison.
            • Should we sue Red Hat every time some idiot installs a machine from that old RH 6.2 CD he has lying around, and it gets owned within thirty seconds of being on the Internet?

              Of course not. A WinXP or 2k machine, up to date with the *automatic* updates, is perfectly secure for day to day use. The vast majority, if not all, of the 'windows worms' of the last several YEARS; code red, nimda, sasser, the patches preceded the worms themselves by weeks, sometimes months.

              • OK, here's our automatic sprinkler product. After purchasing it from the store, you must modify your product according to the easy(hah) instructions from our website. Failure to do this will result in your lawn being flooded, and our company takes no responsibility for shipping a deeply flawed product.
      • so, who "owns" the zombies now? Or are they just sitting there infected and someone else might find them and take them over? Is government sitting on them for some reason? Have all the 30,000 innocent victims from that direction been notified and gotten their machines cleaned up? Is anyone working on that probably tedious and daunting task?

        Ya, I know, a lot of questions, still, they are obvious to be asked at this point.
    • I get the point. I was just kidding about Slashdotting sites. I'm just anxious to see a real DoS attack. Any idea where I can find some code to see how it actually works?
      • Re:Why DDos? (Score:4, Interesting)

        by nacturation ( 646836 ) <nacturation&gmail,com> on Thursday July 22, 2004 @02:38AM (#9767714) Journal
        I'm just anxious to see a real DoS attack. Any idea where I can find some code to see how it actually works?

        I'm probably feeding a troll here, but what the hell. Why do you need to see code? It's little more than a massive surge in traffic which looks legitimate. Try this pseudocode on for size:

        while(1)
        - recursively get victim's entire website


        Now spread that across 100,000 zombie machines, each capable of pulling in an average of maybe 20KB/s. Suddenly the victim's dealing with 2GB/s of traffic or, more likely, not dealing with it as the traffic would thoroughly saturate not only the victim's website but also the entire hosting provider's network.
        • Re:Why DDos? (Score:2, Interesting)

          This is the thing that always gets me.

          Companies and webmasters cry DDOS when their website just simply can't handle the flood.

          Granted, some attacks are genuine, but all it takes to DDOS someone is a posting on one of the many websites (not just slash) that the original webadmin wasn't expecting.

          It's like hearing in the news about an ongoing DDOS attack on xyz's site, what's the first thing you do?

          I know I try and load the page.....

        • Now spread that across 100,000 zombie machines
          Actually, this is what I'm interested in. I'll try the while(1) thing tonight on our server :-)
  • what's next? (Score:1, Interesting)

    by Errtu76 ( 776778 )
    Before I always thought DDoS attacks were initiated by frustrated scriptkiddies who had some form of dispute (probably glined off an irc server) with the victims. This is the first time people try to take money in the process. Is this a new form of terrorism? If so, will others (virii/worm coders etc.) pick up the trend?
    • Re:what's next? (Score:1, Insightful)

      by Anonymous Coward
      This isn't terrorism you dumbass. It's just extortion. *Rolls eyes*
    • Re:what's next? (Score:4, Informative)

      by nacturation ( 646836 ) <nacturation&gmail,com> on Thursday July 22, 2004 @02:50AM (#9767751) Journal
      Is this a new form of terrorism?

      This has been around since the dawn of man. "Do X or else I'll do Y." X can be a request for money, goods, services, actions... you name it; Y is generally always something which will harm the intended victim, whether financially, personally, or emotionally. Extortion is certainly nothing new and, while it's often terrifying for the victim, it isn't necessarily a terrorist activity.

      Heck, compare the following three extortion demands:

      Mild: "If you don't stop playing Doom 3 so much, I'm leaving you."
      Medium: "Give me a raise or I'll alert the media about the company's fudged finances."
      Intense: "Clear out of Iraq or we execute these hostages."
    • I venture to suggest that you don't read much tech news other than /.. Stories about DDos blackmail of online bookies have been common for at least 6 months. As to terrorism - no: the purpose is to make money, not to create terror. As to worm authors - as with spam, zombies created by worms are already the main source of DDoS attacks.
  • by TheNarrator ( 200498 ) on Thursday July 22, 2004 @02:18AM (#9767655)
    Knock! Knock! Language police is here

    Blackmail [reference.com] is defined as: 1. Extortion of money or something else of value from a person by the threat of exposing a criminal act or discreditable information.

    While Extortion [reference.com] is: 1. The act of extorting; the act or practice of wresting anything from a person by force, by threats, or by any undue exercise of power; undue exaction; overcharge.

    Now since these guys weren't threatening to reveal something about the company this is garden variety extortion and not blackmail.

  • Britian (Score:3, Informative)

    by 1u3hr ( 530656 ) on Thursday July 22, 2004 @02:23AM (#9767671)
    "Britian" -- Jesus Timothy, you're paid to edit. Be professional. Use a spellchecker.
    • Apparently neither the submitter nor editor RTFA:

      "the gang reportedly would demand a sum of between $18,000 and $55,000 (10,000 pounds and 30,000 pounds)."

    • He's using Linux - what would you expect, he can't get spellcheck to work.
  • "CNet's News.com is reporting that 3 men have been arrested for allegedly blackmailing websites by threatening DDoS attacks if they didn't pay between $10,000 and $55,000"

    They are asking for way too much money. If they had set realistic goals for themselves, they would not have ended up in a position like they are in today. Frankly, asking for the amount of cash that they did seems very juvenile. Just my $.02
    • They're blackmailing online bookies, not individuals, and mainly timing it around big sporting events. The amount of income lost due to the DDoS could easily be more than the requested payment.
  • Ouch... (Score:3, Interesting)

    by nametaken ( 610866 ) on Thursday July 22, 2004 @02:49AM (#9767746)

    As I understand it, Russia is a bad place to get busted for anything. I wonder what they do when the crime is in the 50k range.

    Anyone know anything about modern Russian legal?
  • Why in hell would a National high-tech crime unit [nhtcu.org] have a flash website? Worse than that, a single-page, 100% width scaling flash website.

    They clearly don't have geeks running the show there, which I'd have thought was the first prerequisite for an effective high-tech crime unit. Looks like Yet Another Paper-Thin Government Initiative to me.

  • SWI went against the bastards who create scumware and spyware (in this case a pay-per-click search engine's Russian "affiliates") and got DDoSed for a month because they were inhibiting the profit of a criminal organization. Over $5,000 of damage was done (ask Mike Healan), and that's enough to qualify. Where's the action against the rats who perpetrated that?
  • What I think is interesting is the fact that these (alleged) extortionists have been targeting online gambling businesses. Why these businesses particularly?

    I'm going to put forward a theory based on some completely unsubstantiated rumours I have heard. A mate of a mate of some bloke in the pub tells me that a lot of online gambling sites do at least a sideline in money laundering. That is, two people log onto the site, one 'loses' a large amount of money, the other 'wins' a similar amount of money at th
    • Oh brother.... (Score:2, Interesting)

      by mindstrm ( 20013 )

      Because they do money laundering? There may be the odd bookie out there who took some dirty money, but by and large this is total nonsense.

      You might be surprised the lengths many internet gambling places go to to prevent being used to launder money. The LAST thing any gaming shop wants is the international authorities busting down their door and shutting them down. It's already a good profitable business if done right.. there is no need to accept the increased risk of laundering money for a small extra pr
  • I'm assuming that they were asking for pounds or European currency not US Dollars? I know we like to think we're the center of the universe...but...?
  • Britain's is what you want :(
