
China Arrests Web Site Attacker Who Extorted Money

Beijing police have detained a man they say extorted cash from companies after launching cyberattacks on their Web sites, one of a handful of such arrests in China in recent years.

The 39-year-old and an accomplice made 85,200 yuan (US$12,500) in two months by convincing companies whose Web sites they "paralyzed" to pay for an end to the attacks, police said in a faxed statement Wednesday.

The man's apparent attack method, distributed denial of service (DDOS), has been used by cybercriminals to seek ransom payments in and out of China. But the method has become outdated in China as most cybercriminals have abandoned it for less risky roads to profit, said Zhao Wei, CEO of Knownsec, a Beijing security firm.

An attacker in a DDOS attack orders a botnet, or a large group of compromised computers, to repeatedly attempt to connect to a victim's Web site. The massive number of communication requests received at once overwhelms the Web site's server, shutting it down or making access to the page unbearably slow.

The detainee and his partner in China launched such attacks on seven Web sites from an apartment in rural Hunan province.

Popular targets for DDOS attacks in China have included online gaming sites and the country's major Web portals. Some Chinese cybercriminals have sold DDOS services on blogs or other pages, advertising them as a way to eliminate competitors.

The attacks are difficult to trace from their controlling servers back to an attacker. To make past arrests, authorities have relied more on offline clues, such as tracking the bank accounts to which extorted money was sent, said Zhao, the security researcher.

Still, DDOS attacks for profit are less common in China than they were a few years ago, said Zhao.

More popular is theft of bank account information, or of items like weapons or armor from online game accounts that can then be resold to game players for cash. Those attacks bring cybercriminals more money and are less likely to result in arrest than DDOS followed by extortion, Zhao said.
