…it's a bit of a gamble
By Tom Espiner
Published: 24 January 2008 08:59 GMT
Security expert Bruce Schneier has warned that cyber-extortion is on the rise, but gave the caveat that it mainly affects "fringe" industries, such as online gambling, rather than critical national infrastructure organisations.
Schneier wrote in a blog post that the security company he founded, Counterpane, has seen proof of attack capability followed by extortion demands - but said the attacks he had seen had not been against power companies. The blog was in response to a CIA statement, reported by security training body the Sans Institute, that a cyberattack had caused a power blackout in multiple cities in a country outside the US. The CIA also said it had evidence of blackmail demands following demonstrations of successful "intrusions through the internet".
Schneier wrote: "Cyber-extortion is certainly on the rise; we see it at Counterpane. Primarily it's against fringe industries - online gambling, online gaming, online porn - operating offshore in countries like Bermuda and the Cayman Islands. [Cyber-extortion] is going mainstream, but this is the first I've heard of it targeting power companies."
Schneier counselled calm, saying it was not known whether supervisory control and data acquisition (Scada) arrays, which many critical national infrastructure organisations use to control and measure systems, had been compromised.
Schneier continued: "This CIA titbit tells us nothing about how the attacks happened. Were they against Scada systems? Were they against general-purpose [computers] - maybe Windows machines? Insiders may have been involved, so was this a computer security vulnerability at all? We have no idea. I'd like a little bit more information before I start panicking."
Alan Paller, director of research for the Sans Institute, told silicon.com sister site ZDNet.co.uk that Tom Donahue - the CIA analyst who reported the attack to a Sans Institute conference - had not divulged the countries involved, nor the method of attack, nor when the attacks had occurred. However, Paller confirmed US power companies had not been involved.
Paller said: "All we know from Tom [Donahue] is that it was not US companies [that were attacked]. The CIA is involved because Tom [Donahue] is the person responsible for the US cyberthreat analysis, and he and his management chain must have felt the risk to US companies was elevated because it had happened for real in other countries, and because the quality of security in many US utilities needs immediate and substantial improvement."
Original article: Schneier: Cyber-extortion on the rise from ZDNet UK
Copyright © 2008 CBS Interactive Limited. All rights reserved.