CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

"Embarrassed" Firms Paying Off DDoS Extortion Demands !   Logged in as: Guest
Viewers: 658 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Security News >> "Embarrassed" Firms Paying Off DDoS Extortion Demands ! Page: [1]
Message << Older Topic   Newer Topic >>
"Embarrassed" Firms Paying Off DDoS Extortion... - 10/11/2004 7:16:46 AM   

Posts: 12103
Joined: 7/4/2003
From: Melbourne, Victoria, AUS
Status: offline
Experts warn the UK's critical national infrastructure is a target

Despite the numbers of companies involved, victims are too embarassed to report the crime, claims a UK security expert.

Alan Paller, director of research for security organisation SANS, said online extortion was rife and that cybercrime was set to get worse.

"Six or seven thousand organisations are paying online extortion demands," said Paller on Friday at the SANS Institute's Top 20 Vulnerabilities conference. "The epidemic of cybercrime is growing. You don't hear much about it because it's extortion and people feel embarrassed to talk about it."

"Every online gambling site is paying extortion," Paller claimed. "Hackers use DDoS [denial-of-service] attacks using botnets to do it. Then they say 'pay us $40,000 or we'll do it again'."

Paller added he was concerned that the same techniques used for extortion - i.e. DDoS attacks - could easily be used to target organisations in the critical national infrastructure (CNI).

The director of the National Infrastructure Security Co-ordination Centre (NISCC), Roger Cumming, shared Paller's concern.

"There's an enormous amount of extortion," said Cumming. "We are concerned about the technologies of extracting money could be used to endanger the CNI. One of the things we are talking about is how to mitigate that threat."

Paller called for vendors raise their game - he said that security vulnerabilities were their responsibility to fix and that their products should comply with the SANS top 20 vulnerabilities.

"Applications breaking after patching is the operating system vendor's fault," he said. "They tell developers to build applications on unprotected systems. But the other half of the game is that application vendors should have to test their products on safer systems – you do that with procurement."

A spokesman for at least one prominent UK gambling site said that he would rather not comment on the whole issue.

Source :
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Security News >> "Embarrassed" Firms Paying Off DDoS Extortion Demands ! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI