By Mark Ward
BBC News website
4 May 2007
Legitimate businesses are turning to cyber criminals to help them
cripple rival websites, say security experts.
The rise in industrial sabotage comes as some suggest cyber criminals
are turning away from using web-based attack tools in extortion rackets.
Experts suspect this is because of the risks involved in mounting such
an attack on a web shop or retailer.
Instead the tools, usually hijacked home computers, are being used to
pump out junk e-mail.
Often these hijacked PCs, known as bots, are used for "Distributed
Denial of Service" (DDoS) attacks that attempt to knock a site or server
offline by bombarding it with huge amounts of data.
Online gambling sites were among the first to be threatened with DDoS
attacks if they did not hand over significant sums of cash.
In a recent entry on the Symantec Security Response blog, Yazan Gable
said the company had seen a "pretty sharp decline" in the number of
attacks that try to extort cash.
Mr Gable said this was because extortion attacks were no longer
profitable because knocking a website offline via DDoS was "loud and
Many of those controlling the networks of bot computers have now started
using them to send out spam which was just as lucrative and a lot less
risky, said Mr Gable.
But Paul Sop, chief technology officer at Prolexic which helps victims
cope with DDoS attacks, said they were proving as popular as ever.
"We've seen more DDoS attacks in the last few months than we have ever
seen," he said.
The decline could just be part of the arms race between criminals and
"When the gangs feel the pincers coming in they change their strategy,"
There was no reason to think the decline was because such attacks were
no longer profitable. Not least, he said, because only in 20% of cases
do attacks stop once a victim has made a payment.
"Once they have you hooked they'll keep going," he said, "it can get up
to some pretty serious numbers."
Mr Sop said the number of extortion-based attacks had declined a little
but this had been more than made up for by companies using them to
"We are seeing a lot of anti-competitive behaviour," he said.
Mr Sop added that many more Asian targets were being hit by DDoS attacks
- a region in which Symantec did not historically have a big presence.
In Asia, he said, DDoS attacks were proving very popular with
unscrupulous firms keen to get ahead of their rivals.
"The really frightening thing is you can buy access to a botnet for a
small amount of money and you can have you competitor down for a long
time," he said.
In one case that Prolexic helped with a firm was battered for four
months by a rival using a botnet owned by a criminal gang.
"It's a great use of funds to destroy your competitor," he said.
Subscribe to InfoSec News