Application security

Russian internet blackmailers jailed

A gang who blackmailed gambling websites for over £2 million through denial-of-service attacks, has been jailed in Russia.

The criminal group targeted British and Irish online casinos and betting shops threatening to attack their websites, and render them inaccessible to online customers. The three men extorted more than £2 million using compromised computers to launch the denial-of-service (DDoS) attacks.

The hackers, Ivan Maksakov, Alexander Petro and Denis Stepanov, were each sentenced to eight years in prison and fined £2000, after Russian authorities worked with the UK National High Tech Crime Unit, Interpol and the FBI to catch the group.

According to prosecutors the men made over 50 blackmail attacks in 30 different countries throughout their six month campaign, starting in September 2003 and costing companies £40 million.

One corporation blackmailed by the gang was Canbet Sports Bookmakers, who refused to pay a £5,500 ransom demand and found their website blocked by the hackers during the Breeders' Cup Races, causing more than £100,000 in lost revenue each day of downtime.

Graham Cluley, senior technology consultant at Sophos, believes the scale of this crime is unknown as many cases go unreported when criminals threaten companies not to speak to the authorities.

"This case is just the tip of the iceberg, but the Russian authorities have hit these criminals hard and these tough sentences should send a strong message to internet hackers considering online blackmail. Malicious DDoS attacks on commercial websites can cause serious financial damage to the businesses affected, and are a major nuisance to internet users," he said.

However, he argues that businesses can adopt measures to prevent targeted attacks and ensure criminals who send malicious emails do not hijack their computers.

"All companies should ensure they have secure defences in place to protect against abuse like this. Protective software and hardware can filter out attacks.

"Companies who are victims of attempted internet-based blackmail shouldn't pay up, but instead report the crime to the relevant authorities. Businesses who pay the ransom only encourage hackers to extort more in future," he added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.