Web of Crime: Enter the Professionals

Henchmen, Extortion, and Protection Money

Sometimes the bad guys are corporate competitors who hire Web gangs to take your site down and ruin your business, leaving the arena to them. Others take the Tony Soprano route, sending extortion notes that may demand $100,000 or more to call off a threatened attack. Some even use the time-honored protection money gambit, promising to shield you against attacks--by themselves or other wise guys--as long as you pay up regularly.

Michael Reich knows all about this. He handles IT for Expert Satellite, a midsize firm in Worcester, Massachusetts, that installs digital satellite entertainment systems. Reich has more than 20 years of IT experience and, until recently, was confident that his company's network was well protected against "hackers and thieves and other teenage mischief."

He wasn't thinking big enough.

In February of 2004, Reich got an early-morning emergency call from Expert Satellite. Nobody could connect to the company's Web servers--a serious problem for a firm that does 70 percent of its business online. The source of the trouble wasn't a failed server or a downed router. Expert Satellite was under attack.

For five days, meaningless data from thousands of places around the Internet bombarded the company's two Web servers. Expert Satellite's Web site was effectively knocked out by a method called a distributed denial of service (DDoS) attack.

"From the outset, we were overwhelmed," Reich says. Any countermeasure he and his team tried might gain them an hour's respite, but then the attack would return in full (or redoubled) force. "We found they could ratchet up the volume seemingly at will," he said.

At one point, Reich's servers became so physically hot from trying to process the flood of data that he had to shut them down to prevent permanent hardware damage. "It was a major hit to our company," he says.

Expert Satellite finally fended off the onslaught by moving its servers to a hosting company, Rackspace Managed Hosting, whose network is set up to protect clients against DDoS attacks.

The motive for the attack doesn't appear to have been simple vandalism. In August 2004, a federal grand jury in Los Angeles indicted Saad "Jay" Echouafni, 37, the chief executive officer of Orbit Communication in Sudbury, Massachusetts--a competitor of Expert Satellite. The indictment alleges that Echouafni and a business partner hired a clutch of computer hackers to launch the DDoS attacks against Expert Satellite and other companies.

The FBI's online wanted poster for Saad "Jay" Echouafni.
In the online wanted poster for Echouafni, who has since fled the country, the FBI calls this case "the first successful investigation of a large-scale distributed denial of service attack used for a commercial purpose in the United States."

But it won't be the last. Other companies' Web sites continue to be hit by DDoS and other attacks in ways that show how much the Internet has come to resemble the analog world.

"Criminal activities on the Internet are increasing," says James Lewis, a senior fellow and director of the Technology and Public Policy program at the Center for Strategic and International Studies in Washington, D.C. "It's easy work, and there's plenty of good stuff to steal."

In its July 2005 North American Study into Organized Crime and the Internet, the antivirus firm McAfee said that it now sees 2000 potentially malicious threats each month, up from 300 per month two years ago. The study, which Lewis authored, went on to say, "Criminals now use the Internet for extortion, fraud, money laundering, and theft." A PDF of the study is available here.
