Computer Crime Research Center

etc/map.jpg

Online companies facing huge losses in battling Web extortion

Date: November 10, 2004
Source: Sun-Sentinel.Com
By: Joseph Menn, Los Angeles Times

To an old-time bookie like Mickey Richardson, $500 in protection money was chump change.

So when he got an e-mail from gangsters threatening to bring his online sports betting operation to its knees, he paid up.

Before long, though, the thugs wanted $40,000. And that ticked him off.

"I'm stubborn," said Richardson, who runs Costa Rica-based BetCRIS.com. "I wanted to be the guy that says, `I didn't pay, and I beat them.'"

Richardson couldn't figure the odds, but he was determined to fight what's fast becoming the scourge of Internet-based businesses: High-tech protection rackets in which gangs of computer hackers choke off traffic to Web sites whose operators refuse their demands.

Rather than brass knuckles and baseball bats, the weapons of choice for these digital extortionists are thousands of computers. They use them to launch coordinated attacks that knock targeted Web sites off-line for days, or even weeks, at a time.

The shakedowns generate millions of dollars. Many Internet operators would rather pay protection money than risk even greater losses if their Web sites go down.

After more than a year perfecting their techniques on gambling and pornographic Web sites, the gangs are starting to turn their talents to mainstream e-commerce operations.

"It's pretty much a daily occurrence that one of our customers is under attack, and the sophistication of the attacks is getting better," said Ken Silva, a vice president at VeriSign Inc., the company that maintains the ".com" and ".net" domain name servers and provides security to many firms.

In the case of BetCRIS.com, Richardson was intent on keeping his ship afloat.

BetCRIS, short for Bet Costa Rica International Sportsbook, takes about $2 billion in bets every year from gamblers around the world. Most are placed online. After customers complained early last year that the Web site seemed sluggish, Richardson felt a little relieved when an anonymous hacker e-mailed an admission that he had launched a denial-of-service attack against BetCRIS.

The hacker wanted $500, via the Web payment service e-Gold.

That seemed like a bargain to Richardson. He paid up and promptly spent thousands more on hardware designed to weed out unfriendly Web traffic. "I was thinking if this ever happens again," he said, "we won't have a problem."

The Saturday before Thanksgiving, Richardson found out how wrong he was. An e-mail demanded $40,000 by the following noon. It was the start of one of the biggest betting weeks of the year, with pro and college football as well as basketball.

Richardson didn't respond.

The next day, BetCRIS crashed hard.

Costa Rican law enforcement was ill-equipped to deal with computer hackers thousands of miles away. Given the shaky legality of offshore betting, seeking help from U.S. authorities wasn't an attractive option.

The computer whiz

So the bookie in Costa Rica turned to Barrett Lyon, a spiky-haired philosophy major from Sacramento, Calif.

Lyon had consulted for a major provider of odds to casinos, Don Best Sports, after the Las Vegas company had been hacked, and he had helped ward off a denial-of-service attack there in 2000.

Lyon quickly realized how much the landscape had changed since then.

Instead of using a few machines, the extortion gangs control hundreds of thousands, often the personal computers of people with high-speed DSL lines or cable modems. Most of the PCs were compromised with a series of worms and viruses that began appearing last summer. They spread most easily to machines without firewalls and automated patching from security companies.

The infections force computers to listen for further instructions from a new program or direct them to check with master machines. The resulting armies of computer "bots" -- short for robots -- are used for sending spam and stealing financial information in addition to launching denial-of-service attacks.

Lyon and partner Glenn Lebumfacil designed a new infrastructure for BetCRIS, one that relied on massive computing power far away from Costa Rica. Based in Phoenix, the new computers absorbed mammoth assaults without crashing.

The defenses held. But Lyon was already thinking about offense. So he turned spy.

Although the individual machines used in the attacks were scattered around the world, Lyon used some common software flaws to track them further. They were all taking orders from computer servers hosting a form of anonymous online chat called IRC, for Internet Relay Chat.

Lyon joined the IRC, pretending to be a bot program author from Vancouver, British Columbia, who had 250 machines under his control, but had been away from the scene for a while. He watched as chat participants monitored attacks on Microsoft.com and BetCRIS.com.

Eventually, armed with assistance from Lyon and evidence from traceable payoff money, British authorities went to the Russian Interior Ministry and suggested several arrests, including that of Ivan Maksakov, who lived in Saratov, Russia. In late July, police picked him up, along with a 23-year-old St. Petersburg man and a 24-year-old in Stavropol. Two others are being sought.




Lyon started a new business, Prolexic Technologies Inc., which is based in Hollywood. His sting operation for BetCRIS produced a dozen clients.

The Los Angeles Times is a Tribune Co. newspaper.


Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-03-10 02:33:08 - free yahoo ringtone nokia monophonic... Roman
2007-03-09 22:39:48 - sprint real music ringtone cu500 lg put... Alena
2007-03-09 15:17:48 - My home site My home site topamax 25mg... Alena
2007-03-07 10:13:37 - My home site My home site 100 free sprint... Piter
2007-03-07 10:13:22 - My home site My home site 100 free sprint... Piter
2007-03-07 08:24:54 - My home site download free ringtone nokia... Alex
2007-03-07 02:45:53 - free cell phone ringtone sanyo free... Jon
2007-03-07 02:14:40 - free ringtone for lg vx3200 download free... Jon
2007-03-06 20:17:59 - mp3 ringtone free ware get free ringtone... Piter
2007-03-06 18:39:16 - ringtone makercellular ringtonehip hop... Zoli
Total 24 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo