By silicon.com, 27 October 2004 12:45
NEWS A new ploy involving child pornography is being used by extortionists targeting online betting firms with denial of service blackmail threats.
Blackmailers warned UK-based online bookmaker Blue Square yesterday that they would send out emails in Blue Square's name containing child pornography unless the company paid a demand for €7,000.
The threat followed a more traditional denial of service attack that hit the company on Monday, taking Blue Square's site down for five hours.
The email was sent to Blue Square by a 'Bohan Krascevic' from a Yahoo! web email address with a '.se' Sweden suffix. It stated: "You have time until 5 Pm your local time. I will now start an attack for 1 hour. This will be 1/20 of the power I can do. Answer me and I will give you my e-gold account number which must be funded ASAP, 7000 EURO. Waiting for answer."
Peter Pederson, CTO at Blue Square, said the latest threat ups the ante from the traditional denial of service attacks.
"The thing that has distinguished this is the seriousness of the threat. HeÂ’s threatened to send mass email containing child porn from Blue Square accounts. That changes the stakes of these things from being apparently financial extortion to something that has a different kind of impact," he said.
The UK's National Hi-Tech Crime Unit (NHTCU), which arrested three suspected ringleaders of one of the online extortion gangs in Russia earlier this year, confirmed this is a new tactic being used by the criminals.
A spokeswoman for the NHTCU said: "We are investigating it. It is not a threat we have seen before."
On Monday, hackers targeted rival online bookie William Hill with similar demands.
"We did have a DoS attack, but we don’t know where it came from,” said a spokeswoman from William Hill. “We are building in software to prevent this, but it’s a technology game. The NHTCU is aware and we’ve had quite a good relationship with them in the past."
Earlier this month, director of research for security organisation SANS said that every online bookmaker was receiving similar denial-of-service threats.
Dan Ilett writes for ZDNet UK
Comments
There are 4 comments. Join the discussion
1. anonymous
Child porn is a serious threat but threaten the President or the Prime Minister and your world would quickly come crashing down. I'm so scared of the possibilities here that I want to emphatically state that I am not threatening anyone or any site nor am I threatening ANY action. I am simply pointing out a way to up the stakes; something that I'm sure hasn't been overlooked by everybody.
2. Brian Burkill
How far are these extortionists prepared to go. Is there nothing they will not stoop to.
This is sick. In my view, what the bookmakers should do is totally ignore it and have the threat HIGHLY publicised, possibly by way of advertising in the media that they are experiencing criminal attack and as such any emails received supposedly from them can be totally ignored.
The cost of advertising may be more than (and I havent got a Euro symbol on my keyboard) 7000, but it would be money better spent.
Instead of keeping quiet about it, the bookmakers should shout from the rooftops that they are being targeted, and play these people at their own game. ie.. "OK, come and attack us, send your stupid porn emails. We have told as many as possible about you and they know it isnt us."
3. anonymous
Perhaps this new form of attack will give the police the powers to really crack down on these criminals.
The penalties for DOS attacks are small, and there are big difficulties in prosecuting them.
The penalties for transmitting child porn are much higher, and could allow the authorities to demand much higher jail terms for these people.
4. Roy Corneloues
I'd like to know how this guy can receive payment for blackmail and not be tracked...
If the bank do not release the details of this person once the named account has been credited, surely they are as guilty as the blackmailer.