How Cyber Extortion Really Goes Down

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

TechWeek exclusively exposes a real case of attempted cyber extortion, as a betting company is targeted by a DDoSer claiming to work for a rival firm.

“Pay me first and i’m not kiding , to pay me i open your site and tell you name the other company and secure your site.” Cyber extortionists have never been ones to care about good grammar.

This message was sent to an unnamed betting company on 5 July this year from a man claiming to be working for a rival company. How can anyone receiving this sort of message know if it is for real?

The email thread, exclusively handed to TechWeekEurope by Neustar, a distributed denial of service (DDoS) protection company, was fairly typical, although such extortion letters have rarely been handed to the media.

DDoS extortion

It started with the threat of a distributed denial of service (DDoS) attack, to knock the company’s website offline, delivered direct to a customer service representative:

[Image: Betting DDoS Extortion]

Then came the following exchanges over email:

“Attacker: So what now, deal with me to open your site and tell you name the other company or what?

Company: So what would you like?

A: The other company pay me 600$ to make your site down, to pay me 1000$ i open your site and tell you name the other company and secure your site , deal?

C: We will only do this once we receive all information of the other company with proper evidence/proof etc.

A: no , pay me first and i’m not kiding , to pay me i open your site and tell you name the other company and secure your site ….

C: And, how do we know that you will give us this information and also stop hitting our site?

A: i’m not lying , and i tell to pay me i open your site and secure it and send you name the other company.

C: What are the banking details?

A: Are you ready to go to western union branch now and send me the payment?

C: I need the details and then need to go to a Western Union. Also, what is the guarantee that you wont do this again?”

The attacker then gave his details, revealing his purported name as Hassan Hamieh and his location as Beirut, Lebanon. Given hackers’ need to cover their tracks, the name and location are likely false. Whoever they were, they didn’t get paid.

The strange world of DDoS attacks

But this kind of threat is made every day in the world of DDoS, a world which is growing in both the number of attacks and the size of strikes. Companies are attacking each other, crooks are extorting and even young kids are getting involved.

Neustar told TechWeek of one case where an education site, which schools used for assignments, was getting repeatedly attacked, allegedly by pupils who just couldn’t be bothered to do their homework.

Another case involved two rival doughnut suppliers. One didn’t like the other. Its answer? DDoS the rival so it couldn’t take online orders.

DDoS has become such a common attack method largely because of how cheap and easy it is. As TechWeek found last year, DDoS dealers are everywhere online, in the underground forums and on the public Internet. They are cheap too, with some offering to take down a website for an hour for as little as $4.

Many businesses are getting hit as a result of the growing market. The latest Neustar figures, released today, showed 22 percent of 381 UK companies surveyed admitted they had been hit by a DDoS attack in 2012.

The figures showed the top three targets by industry are prime for extortion: retail, e-commerce and telecoms. All need their pipes free from congestion – if they get clogged up for a long period of time, and their customer-facing sites go down, they risk losing plenty of money, possibly more than the attacker is asking them to pay up.

More than one in four financial services companies said they would miss out on more than £100,000 in revenue if they experienced downtime of just one hour.

Given 22 percent of UK attacks recorded in the Neustar report lasted for over a week, the potential for serious losses is clear.
