Details are sparse, but it would appear that the criminals first demonstrated their capability with a DDoS attack and then threatened to repeat the process unless paid off. It would seem that, rather than quietly paying up, the unnamed multimillion-pound company reported the matter to the police.
"This investigation centers on an allegation that the online company was blackmailed. As part of this blackmail attempt, one of the company’s websites was made temporarily unavailable by the offenders," explained detective inspector Chris Mossop of the Greater Manchester police (GMP).
"Denial of service attacks have become increasingly common offenses in recent years and can have a devastating effect on the victim’s online business or presence," he said.
The suspects were arrested at a hotel at Heathrow airport last Wednesday following an investigation that involved GMP, the Serious Organized Crime Agency (SOCA), and law enforcement agencies in Poland and the US.
Corero, a DDoS mitigation company, is one firm that has been warning for some time about the growth in DDoS extortion. "Attackers are increasingly savvy and realize that traditional technology is easily bypassed, therefore making attacks relatively simple to carry out," warns Ashley Stephenson, CEO. "Ransom demands are often in the order of tens of thousands of pounds and can originate from Eastern European countries and other nations where it is hard to track to the perpetrators."
Stephenson believes that any firm with an income dependent on a continuous online presence is a prime target. Gambling firms, for example, are frequent targets. "Many organisations, especially gambling companies where each minute of downtime is often equated to significant revenue loss, may feel compelled to pay the ransom. But paying up, as they have learned, is just an invitation for future attacks and we often see attackers threatening to launch these DDoS attacks for repeated financial gain."
One solution for any company that receives an initial demand, he suggests, is the immediate installation of DDoS mitigation techniques "in time to call the cyber-extortionist’s bluff and stop the attack." An alternative and perhaps additional approach, which seems to have been adopted by this Manchester company, is to report the matter to the police. Details of how the GMP were then able to locate, trap and arrest these particular DDoS suspects may emerge at any future trial.