Web of Crime: Enter the Professionals

It's All About the Money

Set in motion by Internet thugs who try to extort money from hapless companies, DDoS attacks may be the most intense and dramatic example of money-motivated Internet attacks. But a wide range of other dirty online deeds have the same goal.

Tech-savvy sneaks use spyware to steal company secrets. Scammers hijack PCs across the globe and use them to launch e-mail-based identity theft schemes. One novel extortion attempt even used malware to encrypt a company's own files. The bad guys then demanded a $200 ransom from the business in return for a decryption key. Luckily this plot was foiled, but security experts warn that the technique could be revamped and may reappear.

All of these attacks are linked by the profit motive and by their use of malware, formerly the province of cybervandals and attention-hungry hackers. These days, viruses, spyware, and other malicious code can be integral parts of a sophisticated scheme to pull in illegal cash.

"All you are seeing is the illegal behavior that is present in the real world...being ported to the electronic world," says Robert M. Morgester, a deputy attorney general in the California Department of Justice's special crimes unit, which prosecutes Internet crime.

The use of malware to make money has intensified in the past 18 months; and as criminals organize and improve their skills at digitally leaching money, the cost to legitimate business is skyrocketing. For instance, a study by information systems research company Computer Economics puts the worldwide financial impact of major virus attacks at almost $18 billion in 2004, up from $13 billion in 2003. Not all of those attacks were designed to make money, however.

Stan Quintana, vice president of managed security services at AT&T, works to protect business clients against DDoS attacks like the one that hit Expert Satellite. AT&T began offering dedicated DDoS protection to business clients about a year ago. In his experience, he says, the cybercriminals responsible for 80 percent of the attacks are trying to extort money.

"We were getting a lot of panic attacks from our customers saying they were under attack and they were being held for ransom and could we help them," Quintana says. Prolexic, a company founded in 2003 that protects businesses against DDoS attacks, repels at least one major version every week, according to chief technical officer Barrett Lyon. Of those, slightly less than half involve one business attacking a competitor, as happened to Expert Satellite, he says. Most of the rest are extortion attempts, where a criminal may threaten a DDoS attack unless a company pays protection money (as much as $250,000). Very few attacks occur without financial motivation, Lyon says.

Subscribe to the Security Watch Newsletter

Comments