Security Experts Warn of Online Extortion Epidemic

Jeff Berg
LONDON — Security experts warned today that thousands of organizations are paying cyber extortion bribes to hackers for fear that their servers will be the target of a distributed denial of service attack.

“The epidemic of cybercrime is growing,” said Alan Paller, director of research for the SANS Institute, at the Top 20 Vulnerabilities conference in London earlier today.

According to Paller, up to 7,000 organizations are currently paying online extortion demands.

“Every online gambling site is paying extortion,” Paller said. “Hackers are using DDoS attacks, using botnets to do it. Then they say, ‘Pay us $40,000, or we’ll do it again.’”

Such threats go largely unreported because companies often feel embarrassed to talk about it, Paller said, but the implications of them are huge. According to Paller, the same types of techniques used by cyber extortionists could be targeted against government organizations.

Paller’s concerns may not be unwarranted.

Earlier this year, Britain’s National Hi-Tech Crime United arrested three men allegedly connected with a Russian gang running an online protection scheme.

According to police, the gangs targeted online gambling companies and requested between $18,000 and $55,000 in protection.

Paller laid some of the blame for the recent growth of cybercrime on software developers, saying that software vulnerabilities should be the responsibility of the vendor.

“Applications breaking after patching is the operating system vendor’s fault,” Paller said, recommending that they take the SANS Institute’s top 20 security vulnerabilities to heart.