Cyber security attackers have become extremely sophisticated at implanting malware in your systems and evading detection as they quietly steal your sensitive data. While that threat is increasing in popularity among clever hackers, there remains a thriving community of criminals who are far less sophisticated and are making a good living out of one of the oldest forms of cyber security compromise – the Denial of Service attack.
In the early days of cyber security, the most primitive attack was a “broadcast storm” where the attacker set out to cripple a website by bombarding it with spurious requests, thereby flooding the network or overwhelming the server capacity and causing the website to freeze. This was usually done to make a political statement or demonstrate the cleverness of the attacker, but it was considered a mere irritation because no lasting harm was done, and no data was stolen or corrupted.
These attack mechanisms grew in sophistication by using servers scattered over the globe to propagate the attacks (called a Distributed Denial of Service attack, or DDoS), thereby making them much harder to block. Almost anybody can find software on the web to launch such an attack (such as MyDoom or Stacheldraht). But criminals didn’t pay much attention to this, because there was no money to be made. Well, that has all changed…
The US Federal Bureau of Investigation (FBI) recently reported that hackers threatened more than 100 companies, including big banks and brokerages in the financial sector, with distributed denial of service (DDoS) attacks that would take their websites offline unless they paid large sums.
The cyber branch at the FBI’s New York office said that the companies have been receiving such DDoS threats since April 2005. They added that some companies have paid the ransom money, amounting typically to many tens of thousands of dollars. These companies end up facing further trouble as hackers know that they are willing to engage. Most of the companies are willing to pay the money to avoid service disruption that could lead to big losses. A distributed denial of service outage could mean losses of more than $100,000 an hour for financial companies, according to information services and analytics company Neustar.
In the past, criminals avoided this sort of extortion because they could be tracked down through the banking system. However, they now demand payment in Bitcoins, which are created digitally by an anonymous community of people that anyone can join. Bitcoins are transacted using computing power in a distributed network, and are called a “cryptocurrency”. Once your Bitcoins are sent, there’s no getting them back unless the recipient returns them to you. They’re gone forever. This makes extortion much more attractive for criminals, because there is almost no chance of being tracked down by law enforcement authorities. Easy money.
Originally published on csi-americas.com