Two Men Arrested in London Over DDoS Extortion Threats

Share

Related Links

Top 5 Stories

News

Two Men Arrested in London Over DDoS Extortion Threats

12 August 2013

Following what the Greater Manchester police described as their largest ever cybercrime investigation, two polish men were arrested at a Heathrow hotel on suspicion of blackmailing a Manchester-based internet company with threats of a DDoS attack.

Details are sparse, but it would appear that the criminals first demonstrated their capability with a DDoS attack and then threatened to repeat the process unless paid off.  It would seem that rather than quietly pay up, the unnamed multimillion pound company reported the matter to the police.

"This investigation centers on an allegation that the online company was blackmailed. As part of this blackmail attempt, one of the company’s websites was made temporarily unavailable by the offenders," explained detective inspector Chris Mossop of the Greater Manchester police (GMP).

"Denial of service attacks have become increasingly common offenses in recent years and can have a devastating effect on the victim’s online business or presence," he said.

The suspects were arrested at a hotel at Heathrow airport last Wednesday following an investigation that involved GMP, the Serious Organized Crime Agency (SOCA), and law enforcement agencies in Poland and the US.

Corero, a DDoS mitigation company, is one firm that has been warning for some time about the growth in DDoS extortion. "Attackers are increasingly savvy and realize that traditional technology is easily bypassed, therefore making attacks relatively simple to carry out," warns Ashley Stephenson, CEO. "Ransom demands are often in the order of tens of thousands of pounds and can originate from Eastern European countries and other nations where it is hard to track to the perpetrators."

Stephenson believes that any firm with an income dependent on a continuous online presence is a prime target. Gambling firms, for example, are frequent targets. "Many organisations, especially gambling companies where each minute of downtime is often equated to significant revenue loss, may feel compelled to pay the ransom. But paying up, as they have learned, is just an invitation for future attacks and we often see attackers threatening to launch these DDoS attacks for repeated financial gain."

One solution for any company that receives an initial demand, he suggests, is the immediate installation of DDoS mitigation techniques "in time to call the cyber-extortionist’s bluff and stop the attack.” An alternative and perhaps additional approach, that seems to have been adopted by this Manchester company, is to report the matter to the police. Details of how the GMP were then able to locate, trap and arrest these particular DDoS suspects may emerge at any future trial.

This article is featured in:
Compliance and Policy  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×